[artful,PULL] : apparmor for 4.13 kernels

Message ID a1c5e169-31be-45dd-d5eb-f656bd6fb544@canonical.com
State New

Pull-request

git://kernel.ubuntu.com/jj/ubuntu-artful.git apparmor-4.13+outoftree

Message

John Johansen Aug. 22, 2017, 9:50 p.m. UTC
This is a set of cherry-picks from security/next bound for the 4.14 kernel
plus the one remaining out-of-tree patch required to match the version of
apparmor in zesty.

Note: The cherry-pick references are currently against security/next and
will need to be updated to upstream linux once the 4.14 merge window
closes.

---

The following changes since commit 00c72bc198aa85e5da02de2c0c4cc423c82a54f1:

  UBUNTU: SAUCE: (efi-lockdown) MODSIGN: Fix module signature verification (2017-08-22 12:30:09 -0500)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-artful.git apparmor-4.13+outoftree

for you to fetch changes up to a3b0cb6676a04cdad5cc357bc422d0398083b435:

  UBUNTU: SAUCE: apparmor: af_unix mediation (2017-08-22 14:19:29 -0700)

----------------------------------------------------------------
Christos Gkekas (1):
      apparmor: Fix logical error in verify_header()

Dan Carpenter (1):
      apparmor: Fix an error code in aafs_create()

Geert Uytterhoeven (1):
      apparmor: Fix shadowed local variable in unpack_trans_table()

John Johansen (13):
      apparmor: Redundant condition: prev_ns. in [label.c:1498]
      apparmor: add the ability to mediate signals
      apparmor: add mount mediation
      apparmor: cleanup conditional check for label in label_print
      apparmor: add support for absolute root view based labels
      apparmor: make policy_unpack able to audit different info messages
      apparmor: add more debug asserts to apparmorfs
      apparmor: add base infastructure for socket mediation
      apparmor: move new_null_profile to after profile lookup fns()
      apparmor: fix race condition in null profile creation
      apparmor: ensure unconfined profiles have dfas initialized
      apparmor: fix incorrect type assignment when freeing proxies
      UBUNTU: SAUCE: apparmor: af_unix mediation

 security/apparmor/.gitignore          |   1 +
 security/apparmor/Makefile            |  44 ++-
 security/apparmor/af_unix.c           | 651 +++++++++++++++++++++++++++++++
 security/apparmor/apparmorfs.c        |  43 ++-
 security/apparmor/domain.c            |   4 +-
 security/apparmor/file.c              |  34 +-
 security/apparmor/include/af_unix.h   | 114 ++++++
 security/apparmor/include/apparmor.h  |   2 +
 security/apparmor/include/audit.h     |  39 +-
 security/apparmor/include/domain.h    |   5 +
 security/apparmor/include/ipc.h       |   6 +
 security/apparmor/include/label.h     |   1 +
 security/apparmor/include/mount.h     |  54 +++
 security/apparmor/include/net.h       | 124 ++++++
 security/apparmor/include/path.h      |   1 +
 security/apparmor/include/perms.h     |   5 +-
 security/apparmor/include/policy.h    |  13 +
 security/apparmor/include/sig_names.h |  95 +++++
 security/apparmor/ipc.c               |  99 +++++
 security/apparmor/label.c             |  36 +-
 security/apparmor/lib.c               |   5 +-
 security/apparmor/lsm.c               | 519 +++++++++++++++++++++++++
 security/apparmor/mount.c             | 696 ++++++++++++++++++++++++++++++++++
 security/apparmor/net.c               | 356 +++++++++++++++++
 security/apparmor/policy.c            | 166 ++++----
 security/apparmor/policy_ns.c         |   2 +
 security/apparmor/policy_unpack.c     | 105 ++++-
 27 files changed, 3086 insertions(+), 134 deletions(-)
 create mode 100644 security/apparmor/af_unix.c
 create mode 100644 security/apparmor/include/af_unix.h
 create mode 100644 security/apparmor/include/mount.h
 create mode 100644 security/apparmor/include/net.h
 create mode 100644 security/apparmor/include/sig_names.h
 create mode 100644 security/apparmor/mount.c
 create mode 100644 security/apparmor/net.c

Comments

Seth Forshee Aug. 23, 2017, 12:55 p.m. UTC | #1
On Tue, Aug 22, 2017 at 02:50:38PM -0700, John Johansen wrote:
> This is a set of cherry-picks from security/next bound for the 4.14 kernel
> plus the one remaining out-of-tree patch required to match the version of
> apparmor in zesty.
> 
> Note: The cherry-pick references are currently against security/next and
> will need to be updated to upstream linux once the 4.14 merge window
> closes.

Applied to artful/master-next and unstable/master. I updated the "cherry
picked from ..." lines to indicate that the patches came from
linux-next. Thanks!