[GIT,PULL,UTOPIC,MAKO] AppArmor sync to apparmor3 - RC1 snapshot

Message ID	20140919012544.GG5147@boyd
State	New
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> Date: Thu, 18 Sep 2014 20:25:45 -0500 From: Tyler Hicks <tyhicks@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [GIT PULL][UTOPIC][MAKO] AppArmor sync to apparmor3 - RC1 snapshot Message-ID: <20140919012544.GG5147@boyd> MIME-Version: 1.0 User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: list Content-Type: multipart/mixed; boundary="===============5462162334048385312==" Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com

Message ID

20140919012544.GG5147@boyd

State

New

Headers

Date: Thu, 18 Sep 2014 20:25:45 -0500
From: Tyler Hicks <tyhicks@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [GIT PULL][UTOPIC][MAKO] AppArmor sync to apparmor3 - RC1 snapshot
Message-ID: <20140919012544.GG5147@boyd>
MIME-Version: 1.0
User-Agent: Mutt/1.5.23 (2014-03-12)
Precedence: list
Content-Type: multipart/mixed;
	boundary="===============5462162334048385312=="
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

Message

Tyler Hicks Sept. 19, 2014, 1:25 a.m. UTC

This cleans up several functions over the alpha6 sync, and includes multiple
bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types

While I've prepared the branch and pull request, it should be noted that John
Johansen authored nearly all of the code. We've written an extensive set of
unix socket tests for both the parser and the kernel mediation code. The
required userspace changes (parser, utilities, and policy) have already landed
in Utopic and have been tested with these kernel changes. Please see
LP: #1362199 for more information.

The individual, non-squashed patches can be found with the apparmor-3.RC1 tag
in git://kernel.ubuntu.com/jj/ubuntu-utopic.git

The following changes since commit 5a5e58470c1a6e8228efcd3e0e14945354631216:

  UBUNTU: Ubuntu-mako-3.4.0-5.33 (2014-09-03 12:43:17 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/tyhicks/ubuntu-utopic.git mako-aa3-backport

for you to fetch changes up to 7c8c437e131b93533448566230662443aeba67fc:

  UBUNTU: SAUCE: (no-up) apparmor: update configs for apparmor 3 - RC1 (2014-09-18 18:28:49 -0500)

----------------------------------------------------------------
John Johansen (1):
      UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot

Tyler Hicks (10):
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix disconnected bind mnts reconnection"
      Revert "UBUNTU: SAUCE: (no-up) apparmor fix: remove unused cxt var for unix_sendmsg"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: use custom write_is_locked macro"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix bug that constantly spam the console"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix apparmor refcount bug in apparmor_kill"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix apparmor spams log with warning message"
      Revert "UBUNTU: SAUCE: (no-ip) apparmor: update configs for apparmor 3 alpha 6"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor 3 - alpha 6 snapshot"
      UBUNTU: SAUCE: (no-up) apparmor: update configs for apparmor 3 - RC1

 security/apparmor/Makefile           |   9 +-
 security/apparmor/af_unix.c          | 632 +++++++++++++++++++++++++++++++++++
 security/apparmor/apparmorfs.c       | 115 +++++--
 security/apparmor/context.c          |   2 +-
 security/apparmor/domain.c           |  11 +-
 security/apparmor/file.c             | 142 +++++---
 security/apparmor/include/af_unix.h  | 121 +++++++
 security/apparmor/include/apparmor.h |   1 +
 security/apparmor/include/audit.h    |  12 +-
 security/apparmor/include/context.h  |  56 ++--
 security/apparmor/include/file.h     |   5 +-
 security/apparmor/include/label.h    |  62 +++-
 security/apparmor/include/net.h      |  62 +++-
 security/apparmor/include/path.h     |   3 +-
 security/apparmor/include/perms.h    |  82 ++---
 security/apparmor/include/policy.h   |  58 +++-
 security/apparmor/ipc.c              |  26 +-
 security/apparmor/label.c            | 380 ++++++++++++++++-----
 security/apparmor/lib.c              | 250 +++++++++++---
 security/apparmor/lsm.c              | 249 +++++++-------
 security/apparmor/mount.c            |  45 ++-
 security/apparmor/net.c              | 352 +++++++++++++++----
 security/apparmor/path.c             |  79 +++--
 security/apparmor/policy.c           |  49 ++-
 security/apparmor/policy_unpack.c    |  24 +-
 security/apparmor/procattr.c         |   2 +-
 26 files changed, 2249 insertions(+), 580 deletions(-)
 create mode 100644 security/apparmor/af_unix.c
 create mode 100644 security/apparmor/include/af_unix.h

Comments

Tim Gardner Sept. 19, 2014, 12:48 p.m. UTC | #1

[GIT,PULL,UTOPIC,MAKO] AppArmor sync to apparmor3 - RC1 snapshot

Pull-request

Message

Comments