Message ID | 1443720500-9554-1-git-send-email-john.johansen@canonical.com |
---|---|
State | New |
Headers | show |
On Thu, Oct 01, 2015 at 10:28:20AM -0700, John Johansen wrote: > upstream: No. This is a fix to an out of tree apparmor 3 patch > > BugLink: http://bugs.launchpad.net/bugs/1496430 > > Mount rules are not honoring the attach_disconnected flag, causing > apparmor to deny mounts for lxc and docker even when the appropriate > rule exists in the profile. > > Signed-off-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/mount.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c > index ee6229d..b2d3354 100644 > --- a/security/apparmor/mount.c > +++ b/security/apparmor/mount.c > @@ -332,7 +332,7 @@ audit: > static int path_flags(struct aa_profile *profile, struct path *path) > { > return profile->path_flags | > - S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; > + (S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0); > } > > int aa_remount(struct aa_label *label, struct path *path, unsigned long flags, > -- > 2.1.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
It seems my script to prepend the release for the patch is broken This patch applies to: wily, vivid, lts-saucy, trusty
On Thu, Oct 01, 2015 at 11:02:11AM -0700, John Johansen wrote: > It seems my script to prepend the release for the patch is broken > > This patch applies to: wily, vivid, lts-saucy, trusty > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team lts-saucy is no longer supported.
(Assuming John meant lts-utopic and not lts-saucy.) Ack'ed and applied to LTS utopic lts-backport-utopic-next branch. Cheers, -- Luís
Applied to wily master-next and unstable master. -apw
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index ee6229d..b2d3354 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -332,7 +332,7 @@ audit: static int path_flags(struct aa_profile *profile, struct path *path) { return profile->path_flags | - S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; + (S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0); } int aa_remount(struct aa_label *label, struct path *path, unsigned long flags,
upstream: No. This is a fix to an out of tree apparmor 3 patch BugLink: http://bugs.launchpad.net/bugs/1496430 Mount rules are not honoring the attach_disconnected flag, causing apparmor to deny mounts for lxc and docker even when the appropriate rule exists in the profile. Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/mount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)