Patchwork [10/11] AppArmor: make the global side the correct type

login
register
mail settings
Submitter John Johansen
Date April 13, 2010, 7:09 a.m.
Message ID <1271142580-26555-11-git-send-email-john.johansen@canonical.com>
Download mbox | patch
Permalink /patch/50044/
State Accepted
Delegated to: Andy Whitcroft
Headers show

Comments

John Johansen - April 13, 2010, 7:09 a.m.
From: John Johansen <john.johansen@canonical.com>

OriginalAuthor: John Johansen <john.johansen@canonical.com>
OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
commit: e033dc48e794368f00fa70c2f17ee6e37165069e
BugLink: http://bugs.launchpad.net/bugs/562047

The global sid type was not properly updated when the sid was transitioned
from a u16:u16 pair of global and user sid to a single u32 sid.  This
causes the sid to wrap, this won't cause problems for mediation, but could
conceivably cause problems for an extremely long lived learning session
where profile are frequently replaced.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/sid.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Andy Whitcroft - April 13, 2010, 9:19 a.m.
On Tue, Apr 13, 2010 at 12:09:39AM -0700, john.johansen@canonical.com wrote:
> From: John Johansen <john.johansen@canonical.com>
> 
> OriginalAuthor: John Johansen <john.johansen@canonical.com>
> OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
> commit: e033dc48e794368f00fa70c2f17ee6e37165069e
> BugLink: http://bugs.launchpad.net/bugs/562047
> 
> The global sid type was not properly updated when the sid was transitioned
> from a u16:u16 pair of global and user sid to a single u32 sid.  This
> causes the sid to wrap, this won't cause problems for mediation, but could
> conceivably cause problems for an extremely long lived learning session
> where profile are frequently replaced.
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/sid.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/security/apparmor/sid.c b/security/apparmor/sid.c
> index e0b76de..5e73c62 100644
> --- a/security/apparmor/sid.c
> +++ b/security/apparmor/sid.c
> @@ -24,7 +24,7 @@
>  #include "include/sid.h"
>  
>  /* global counter from which sids are allocated */
> -static u16 global_sid;
> +static u32 global_sid;
>  static DEFINE_SPINLOCK(sid_lock);
>  
>  /* TODO FIXME: add sid to profile mapping, and sid recycling */

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw

Patch

diff --git a/security/apparmor/sid.c b/security/apparmor/sid.c
index e0b76de..5e73c62 100644
--- a/security/apparmor/sid.c
+++ b/security/apparmor/sid.c
@@ -24,7 +24,7 @@ 
 #include "include/sid.h"
 
 /* global counter from which sids are allocated */
-static u16 global_sid;
+static u32 global_sid;
 static DEFINE_SPINLOCK(sid_lock);
 
 /* TODO FIXME: add sid to profile mapping, and sid recycling */