Patchwork [Maverick] SRU: AppArmor return correct error code for mediated network connections

login
register
mail settings
Submitter John Johansen
Date Sept. 29, 2010, 11:08 p.m.
Message ID <4CA3C709.6020601@canonical.com>
Download mbox | patch
Permalink /patch/66102/
State Accepted
Delegated to: Leann Ogasawara
Headers show

Comments

John Johansen - Sept. 29, 2010, 11:08 p.m.
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 29 Sep 2010 15:39:36 -0700
Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections

Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
AppArmor network compatibility patch.  All network mediation was failing
to be applied because the correct error code was not being set in the
audit structure resulting in a return code of 0 always being returned.

BugLink: http://bugs.launchpad.net/bugs/647071

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/net.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Steve Conklin - Sept. 30, 2010, 2:17 p.m.
On Wed, 2010-09-29 at 16:08 -0700, John Johansen wrote:
> From: John Johansen <john.johansen@canonical.com>
> Date: Wed, 29 Sep 2010 15:39:36 -0700
> Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections
> 
> Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
> AppArmor network compatibility patch.  All network mediation was failing
> to be applied because the correct error code was not being set in the
> audit structure resulting in a return code of 0 always being returned.
> 
> BugLink: http://bugs.launchpad.net/bugs/647071
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/net.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/net.c b/security/apparmor/net.c
> index 7c36e82..1765901 100644
> --- a/security/apparmor/net.c
> +++ b/security/apparmor/net.c
> @@ -85,6 +85,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
>  	sa.u.net.sk = sk;
>  	sa.aad.net.type = type;
>  	sa.aad.net.protocol = protocol;
> +	sa.aad.error = error;
>  
>  	if (likely(!sa.aad.error)) {
>  		u16 audit_mask = profile->net.audit[sa.u.net.family];
> -- 
> 1.7.1
> 
> 
Acked-by: Steve Conklin <sconklin@canonical.com>
Leann Ogasawara - Sept. 30, 2010, 5:35 p.m.
Applied to Maverick linux master.  As noted, I intend for this to be
included in the day 0 kernel upload for Maverick (see LP Bug 647071).

Thanks,
Leann

On Wed, 2010-09-29 at 16:08 -0700, John Johansen wrote:
> From: John Johansen <john.johansen@canonical.com>
> Date: Wed, 29 Sep 2010 15:39:36 -0700
> Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections
> 
> Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
> AppArmor network compatibility patch.  All network mediation was failing
> to be applied because the correct error code was not being set in the
> audit structure resulting in a return code of 0 always being returned.
> 
> BugLink: http://bugs.launchpad.net/bugs/647071
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/net.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/net.c b/security/apparmor/net.c
> index 7c36e82..1765901 100644
> --- a/security/apparmor/net.c
> +++ b/security/apparmor/net.c
> @@ -85,6 +85,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
>  	sa.u.net.sk = sk;
>  	sa.aad.net.type = type;
>  	sa.aad.net.protocol = protocol;
> +	sa.aad.error = error;
>  
>  	if (likely(!sa.aad.error)) {
>  		u16 audit_mask = profile->net.audit[sa.u.net.family];
> -- 
> 1.7.1
> 
>

Patch

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 7c36e82..1765901 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -85,6 +85,7 @@  static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
 	sa.u.net.sk = sk;
 	sa.aad.net.type = type;
 	sa.aad.net.protocol = protocol;
+	sa.aad.error = error;
 
 	if (likely(!sa.aad.error)) {
 		u16 audit_mask = profile->net.audit[sa.u.net.family];