[Maverick] SRU: AppArmor return correct error code for mediated network connections

Submitted by John Johansen on Sept. 29, 2010, 11:08 p.m.

Details

Message ID 4CA3C709.6020601@canonical.com
State Accepted
Delegated to: Leann Ogasawara
Headers show

Commit Message

John Johansen Sept. 29, 2010, 11:08 p.m.
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 29 Sep 2010 15:39:36 -0700
Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections

Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
AppArmor network compatibility patch.  All network mediation was failing
to be applied because the correct error code was not being set in the
audit structure resulting in a return code of 0 always being returned.

BugLink: http://bugs.launchpad.net/bugs/647071

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/net.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Comments

Steve Conklin Sept. 30, 2010, 2:17 p.m.
On Wed, 2010-09-29 at 16:08 -0700, John Johansen wrote:
> From: John Johansen <john.johansen@canonical.com>
> Date: Wed, 29 Sep 2010 15:39:36 -0700
> Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections
> 
> Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
> AppArmor network compatibility patch.  All network mediation was failing
> to be applied because the correct error code was not being set in the
> audit structure resulting in a return code of 0 always being returned.
> 
> BugLink: http://bugs.launchpad.net/bugs/647071
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/net.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/net.c b/security/apparmor/net.c
> index 7c36e82..1765901 100644
> --- a/security/apparmor/net.c
> +++ b/security/apparmor/net.c
> @@ -85,6 +85,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
>  	sa.u.net.sk = sk;
>  	sa.aad.net.type = type;
>  	sa.aad.net.protocol = protocol;
> +	sa.aad.error = error;
>  
>  	if (likely(!sa.aad.error)) {
>  		u16 audit_mask = profile->net.audit[sa.u.net.family];
> -- 
> 1.7.1
> 
> 
Acked-by: Steve Conklin <sconklin@canonical.com>
Leann Ogasawara Sept. 30, 2010, 5:35 p.m.
Applied to Maverick linux master.  As noted, I intend for this to be
included in the day 0 kernel upload for Maverick (see LP Bug 647071).

Thanks,
Leann

On Wed, 2010-09-29 at 16:08 -0700, John Johansen wrote:
> From: John Johansen <john.johansen@canonical.com>
> Date: Wed, 29 Sep 2010 15:39:36 -0700
> Subject: [PATCH] UBUNTU: SAUCE: Return correct error code for mediated network connections
> 
> Fix AppArmor portion of Bug #647071 which is a bug in the ubuntu sauce
> AppArmor network compatibility patch.  All network mediation was failing
> to be applied because the correct error code was not being set in the
> audit structure resulting in a return code of 0 always being returned.
> 
> BugLink: http://bugs.launchpad.net/bugs/647071
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/net.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/net.c b/security/apparmor/net.c
> index 7c36e82..1765901 100644
> --- a/security/apparmor/net.c
> +++ b/security/apparmor/net.c
> @@ -85,6 +85,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
>  	sa.u.net.sk = sk;
>  	sa.aad.net.type = type;
>  	sa.aad.net.protocol = protocol;
> +	sa.aad.error = error;
>  
>  	if (likely(!sa.aad.error)) {
>  		u16 audit_mask = profile->net.audit[sa.u.net.family];
> -- 
> 1.7.1
> 
>

Patch hide | download patch | download mbox

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 7c36e82..1765901 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -85,6 +85,7 @@  static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
 	sa.u.net.sk = sk;
 	sa.aad.net.type = type;
 	sa.aad.net.protocol = protocol;
+	sa.aad.error = error;
 
 	if (likely(!sa.aad.error)) {
 		u16 audit_mask = profile->net.audit[sa.u.net.family];