[0/11,PULL,Yakkety] resubmit of reverted apparmor patches

Submitted by John Johansen on March 31, 2017, 12:57 p.m.

Details

Message ID 20170331125744.16986-1-john.johansen@canonical.com
State New
Headers show

Pull-request

ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-yakkety.git apparmor

Commit Message

John Johansen March 31, 2017, 12:57 p.m.
This a resubmit of the majority of the apparmor patches that were
reverted during the last SRU cycle. Specifically it does NOT include
  UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check
  UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
  UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
  UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
  UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs
_pin_fs() fails
which were involved in issues resulting in the revert. Fixes for these
patches will be resubmitted separately.

I have left the original acks on the resubmitted patches for documentation
purposes. The patches are also available via pull request from


The following changes since commit d77181440ce9596d4cc476f301025c01eb52c0a5:

  UBUNTU: Ubuntu-4.8.0-45.48 (2017-03-24 12:03:58 +0100)

are available in the git repository at:

  ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-yakkety.git apparmor

for you to fetch changes up to 37a1fcbae4a3ea1098581663e6f1f8b58aac5b9e:

  UBUNTU: SAUCE: apparmor: fix link auditing failure due to, uninitialized var (2017-03-31 05:11:39 -0700)

----------------------------------------------------------------
John Johansen (11):
  UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets
  UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata
  UBUNTU: SAUCE: apparmor: fix reference count bug in label_merge_insert()
  UBUNTU: SAUCE: apparmor: fix label leak when new label is unused
  UBUNTU: SAUCE: apparmor: Don't audit denied access of special apparmor .null file
  UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
  UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces
  UBUNTU: SAUCE: apparmor: fix ns ref count link when removing profiles from policy
  UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags
  UBUNTU: SAUCE: fix regression with domain change in complain mode
  UBUNTU: SAUCE: apparmor: fix link auditing failure due to, uninitialized var

 security/apparmor/af_unix.c    |  2 +-
 security/apparmor/apparmorfs.c | 22 +++++-----
 security/apparmor/domain.c     | 91 +++++++++++++++++++++++++++---------------
 security/apparmor/file.c       |  2 +-
 security/apparmor/label.c      | 24 ++++++++---
 security/apparmor/lsm.c        |  3 ++
 security/apparmor/mount.c      |  1 +
 security/apparmor/policy.c     |  3 ++
 8 files changed, 98 insertions(+), 50 deletions(-)

Comments

Tim Gardner April 3, 2017, 2:28 p.m.

Stefan Bader April 3, 2017, 4:07 p.m.

Thadeu Lima de Souza Cascardo April 4, 2017, 11 a.m.
Applied to yakkety master-next branch.

Thanks.
Cascardo.