[SRU,Artful,Bionic] UBUNTU: SAUCE: apparmor: fix display of .ns_name for containers

Message ID 0e9b707c-bae3-785e-9c06-8b5dc0698822@canonical.com
State New

Commit Message

John Johansen Jan. 31, 2018, 10:23 a.m.
The .ns_name should not be virtualized by the current ns view. It
needs to report the ns base name as that is being used during startup
as part of determining apparmor policy namespace support.

BugLink: http://bugs.launchpad.net/bugs/1746463
Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
Reported-by: Serge Hallyn <serge@hallyn.com>
Tested-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/apparmorfs.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

Comments

Colin King Jan. 31, 2018, 10:25 a.m. | #1
On 31/01/18 10:23, John Johansen wrote:
> The .ns_name should not be virtualized by the current ns view. It
> needs to report the ns base name as that is being used during startup
> as part of determining apparmor policy namespace support.
> 
> BugLink: http://bugs.launchpad.net/bugs/1746463
> Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
> Reported-by: Serge Hallyn <serge@hallyn.com>
> Tested-by: Serge Hallyn <serge@hallyn.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/apparmorfs.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d4fa04d91439..a23b0ca19fd0 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v)
>  static int seq_ns_name_show(struct seq_file *seq, void *v)
>  {
>  	struct aa_label *label = begin_current_label_crit_section();
> -
> -	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
> -					   labels_ns(label), true));
> +	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
>  	end_current_label_crit_section(label);
>  
>  	return 0;
> 
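Review bot: In seq_ns_name_show(), removing the blank `-` line leaves the new seq_printf() call directly under the `struct aa_label *label = begin_current_label_crit_section();` declaration. Kernel coding style keeps a blank line between declarations and the first statement, and checkpatch.pl warns about it ("Missing a blank line after declarations"). Keep the blank line and change only the seq_printf() call; the diffstat would then read 1 insertion, 2 deletions.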
Thanks John.

Acked-by: Colin Ian King <colin.king@canonical.com>

Seth Forshee Jan. 31, 2018, 11:33 a.m. | #2
On Wed, Jan 31, 2018 at 11:23:41AM +0100, John Johansen wrote:
> The .ns_name should not be virtualized by the current ns view. It
> needs to report the ns base name as that is being used during startup
> as part of determining apparmor policy namespace support.
> 
> BugLink: http://bugs.launchpad.net/bugs/1746463
> Fixes: d9f02d9c237aa ("apparmor: fix display of ns name")
> Reported-by: Serge Hallyn <serge@hallyn.com>
> Tested-by: Serge Hallyn <serge@hallyn.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>

Acked-by: Seth Forshee <seth.forshee@canonical.com>

Applied to bionic/master and unstable/master-next, thanks!

Patch

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d4fa04d91439..a23b0ca19fd0 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1189,9 +1189,7 @@  static int seq_ns_level_show(struct seq_file *seq, void *v)
 static int seq_ns_name_show(struct seq_file *seq, void *v)
 {
 	struct aa_label *label = begin_current_label_crit_section();
-
-	seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
-					   labels_ns(label), true));
+	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
 	end_current_label_crit_section(label);
 
 	return 0;
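
Review bot: The new `seq_printf(seq, "%s\n", labels_ns(label)->base.name);` line in seq_ns_name_show() has no comment recording that bypassing aa_ns_name() is deliberate. The commit message explains that .ns_name has to report the ns base name, not the name as seen from the current ns view, because it is read during startup to determine policy namespace support; none of that is visible in the code, so a later cleanup could put the aa_ns_name(..., true) call back and reintroduce the bug. A one-line comment above the call, along the lines of "report the ns base name, not the name relative to the current view", would keep the intent next to the code.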