[SRU,Artful,Bionic] apparmor: fix display of .ns_name for containers

Message ID c9c91cf2-2acd-d490-2183-555fd26287d6@canonical.com
State New

Commit Message

John Johansen Jan. 31, 2018, 10:06 a.m.
The .ns_name should not be virtualized by the current ns view. It
needs to report the ns base name as that is being used during startup
as part of determining apparmor policy namespace support.

BugLink: http://bugs.launchpad.net/bugs/????
Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
Reported-by: Serge Hallyn <serge@hallyn.com>
Tested-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/apparmorfs.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

Comments

Colin King Jan. 31, 2018, 10:08 a.m. | #1
On 31/01/18 10:06, John Johansen wrote:
> The .ns_name should not be virtualized by the current ns view. It
> needs to report the ns base name as that is being used during startup
> as part of determining apparmor policy namespace support.
> 
> BugLink: http://bugs.launchpad.net/bugs/????

What's the bug number for this?

> Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
> Reported-by: Serge Hallyn <serge@hallyn.com>
> Tested-by: Serge Hallyn <serge@hallyn.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/apparmorfs.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d4fa04d91439..a23b0ca19fd0 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v)
>  static int seq_ns_name_show(struct seq_file *seq, void *v)
>  {
>  	struct aa_label *label = begin_current_label_crit_section();
> -
> -	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
> -					   labels_ns(label), true));
> +	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
>  	end_current_label_crit_section(label);
>  
>  	return 0;
>
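Review bot: the deleted blank line after the `struct aa_label *label = begin_current_label_crit_section();` declaration leaves the declaration running straight into the `seq_printf()` statement. Kernel coding style keeps a blank line between declarations and statements, and checkpatch warns when it is missing. Keep the blank line and replace only the two-line `seq_printf()` call, which makes the diffstat 1 insertion and 2 deletions.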
Kleber Souza Jan. 31, 2018, 10:18 a.m. | #2
On 01/31/18 11:06, John Johansen wrote:
> The .ns_name should not be virtualized by the current ns view. It
> needs to report the ns base name as that is being used during startup
> as part of determining apparmor policy namespace support.
> 
> BugLink: http://bugs.launchpad.net/bugs/????
> Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
> Reported-by: Serge Hallyn <serge@hallyn.com>
> Tested-by: Serge Hallyn <serge@hallyn.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>

If this patch doesn't come from upstream, please add a "UBUNTU: SAUCE:"
prefix to the subject.


Thanks,
Kleber

> ---
>  security/apparmor/apparmorfs.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d4fa04d91439..a23b0ca19fd0 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v)
>  static int seq_ns_name_show(struct seq_file *seq, void *v)
>  {
>  	struct aa_label *label = begin_current_label_crit_section();
> -
> -	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
> -					   labels_ns(label), true));
> +	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
>  	end_current_label_crit_section(label);
>  
>  	return 0;
>
Khaled Elmously Feb. 3, 2018, 2:08 a.m. | #3
Applied to artful

On 2018-01-31 11:06:48 , John Johansen wrote:
> The .ns_name should not be virtualized by the current ns view. It
> needs to report the ns base name as that is being used during startup
> as part of determining apparmor policy namespace support.
> 
> BugLink: http://bugs.launchpad.net/bugs/????
> Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
> Reported-by: Serge Hallyn <serge@hallyn.com>
> Tested-by: Serge Hallyn <serge@hallyn.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/apparmorfs.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d4fa04d91439..a23b0ca19fd0 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v)
>  static int seq_ns_name_show(struct seq_file *seq, void *v)
>  {
>  	struct aa_label *label = begin_current_label_crit_section();
> -
> -	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
> -					   labels_ns(label), true));
> +	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
>  	end_current_label_crit_section(label);
>  
>  	return 0;
> -- 
> 2.14.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Patch

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d4fa04d91439..a23b0ca19fd0 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1189,9 +1189,7 @@  static int seq_ns_level_show(struct seq_file *seq, void *v)
 static int seq_ns_name_show(struct seq_file *seq, void *v)
 {
 	struct aa_label *label = begin_current_label_crit_section();
-
-	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
-					   labels_ns(label), true));
+	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
 	end_current_label_crit_section(label);
 
 	return 0;
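Review bot: the new `seq_printf()` line prints `labels_ns(label)->base.name` with nothing in the code saying why the view-relative `aa_ns_name()` helper is bypassed in `seq_ns_name_show()`. The reason is given only in the commit message: the value is read during startup to determine policy namespace support, so it has to be the base name. A one-line comment above the call stating that `.ns_name` is intentionally not virtualized would keep a later cleanup from switching it back to `aa_ns_name()`.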