| Message ID | 1443721514-10403-1-git-send-email-john.johansen@canonical.com |
|---|---|
| State | New |
| Headers | show |
On Thu, Oct 01, 2015 at 10:45:14AM -0700, John Johansen wrote: > upstream: No. This is a fix to an out of tree apparmor 3 patch > > BugLink: http://bugs.launchpad.net/bugs/1496430 > > Mount rules are not honoring the attach_disconnected flag, causing > apparmor to deny mounts for lxc and docker even when the appropriate > rule exists in the profile. > > Signed-off-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/mount.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c > index 2a9164a..8e17122 100644 > --- a/security/apparmor/mount.c > +++ b/security/apparmor/mount.c > @@ -332,7 +332,7 @@ audit: > static int path_flags(struct aa_profile *profile, struct path *path) > { > return profile->path_flags | > - S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; > + (S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0); > } > > int aa_remount(struct aa_label *label, struct path *path, unsigned long flags, > -- > 2.1.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
Ack'ed and applied to Precise master-next branch. Cheers, -- Luís
On Thu, Oct 01, 2015 at 07:11:18PM +0100, Luis Henriques wrote:
> Ack'ed and applied to Precise master-next branch.
I meant 'Vivid' master-next.
Cheers,
--
Luís
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 2a9164a..8e17122 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -332,7 +332,7 @@ audit: static int path_flags(struct aa_profile *profile, struct path *path) { return profile->path_flags | - S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; + (S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0); } int aa_remount(struct aa_label *label, struct path *path, unsigned long flags,
upstream: No. This is a fix to an out of tree apparmor 3 patch BugLink: http://bugs.launchpad.net/bugs/1496430 Mount rules are not honoring the attach_disconnected flag, causing apparmor to deny mounts for lxc and docker even when the appropriate rule exists in the profile. Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/mount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)