[10/11] AppArmor: make the global side the correct type

Submitted by John Johansen on April 13, 2010, 7:09 a.m.

Details

Message ID 1271142580-26555-11-git-send-email-john.johansen@canonical.com
State Accepted
Delegated to: Andy Whitcroft
Headers show

Commit Message

John Johansen April 13, 2010, 7:09 a.m.
From: John Johansen <john.johansen@canonical.com>

OriginalAuthor: John Johansen <john.johansen@canonical.com>
OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
commit: e033dc48e794368f00fa70c2f17ee6e37165069e
BugLink: http://bugs.launchpad.net/bugs/562047

The global sid type was not properly updated when the sid was transitioned
from a u16:u16 pair of global and user sid to a single u32 sid.  This
causes the sid to wrap, this won't cause problems for mediation, but could
conceivably cause problems for an extremely long lived learning session
where profile are frequently replaced.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/sid.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Andy Whitcroft April 13, 2010, 9:19 a.m.
On Tue, Apr 13, 2010 at 12:09:39AM -0700, john.johansen@canonical.com wrote:
> From: John Johansen <john.johansen@canonical.com>
> 
> OriginalAuthor: John Johansen <john.johansen@canonical.com>
> OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
> commit: e033dc48e794368f00fa70c2f17ee6e37165069e
> BugLink: http://bugs.launchpad.net/bugs/562047
> 
> The global sid type was not properly updated when the sid was transitioned
> from a u16:u16 pair of global and user sid to a single u32 sid.  This
> causes the sid to wrap, this won't cause problems for mediation, but could
> conceivably cause problems for an extremely long lived learning session
> where profile are frequently replaced.
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/sid.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/security/apparmor/sid.c b/security/apparmor/sid.c
> index e0b76de..5e73c62 100644
> --- a/security/apparmor/sid.c
> +++ b/security/apparmor/sid.c
> @@ -24,7 +24,7 @@
>  #include "include/sid.h"
>  
>  /* global counter from which sids are allocated */
> -static u16 global_sid;
> +static u32 global_sid;
>  static DEFINE_SPINLOCK(sid_lock);
>  
>  /* TODO FIXME: add sid to profile mapping, and sid recycling */

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw

Patch hide | download patch | download mbox

diff --git a/security/apparmor/sid.c b/security/apparmor/sid.c
index e0b76de..5e73c62 100644
--- a/security/apparmor/sid.c
+++ b/security/apparmor/sid.c
@@ -24,7 +24,7 @@ 
 #include "include/sid.h"
 
 /* global counter from which sids are allocated */
-static u16 global_sid;
+static u32 global_sid;
 static DEFINE_SPINLOCK(sid_lock);
 
 /* TODO FIXME: add sid to profile mapping, and sid recycling */