{"id":2219292,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2219292/?format=json","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/1.0/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260402184923.2681798-2-georgia.garcia@canonical.com>","date":"2026-04-02T18:49:22","name":"[SRU,Q,1/2] UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation sock_file_perm","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"f9c29d13a353d824f8d6848bc073cce389378e13","submitter":{"id":82129,"url":"http://patchwork.ozlabs.org/api/1.0/people/82129/?format=json","name":"Georgia Garcia","email":"georgia.garcia@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260402184923.2681798-2-georgia.garcia@canonical.com/mbox/","series":[{"id":498541,"url":"http://patchwork.ozlabs.org/api/1.0/series/498541/?format=json","date":"2026-04-02T18:49:21","name":"fix network mediation issues","version":1,"mbox":"http://patchwork.ozlabs.org/series/498541/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2219292/checks/","tags":{},"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=JWjgW0ph;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmrWD6QnRz1yGY\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 03 Apr 2026 05:49:44 +1100 (AEDT)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1w8N6j-0004PC-Ev; Thu, 02 Apr 2026 18:49:33 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <georgia.garcia@canonical.com>)\n id 1w8N6i-0004ON-6K\n for kernel-team@lists.ubuntu.com; Thu, 02 Apr 2026 18:49:32 +0000","from mail-vk1-f197.google.com (mail-vk1-f197.google.com\n [209.85.221.197])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 0EC183F648\n for <kernel-team@lists.ubuntu.com>; Thu,  2 Apr 2026 18:49:32 +0000 (UTC)","by mail-vk1-f197.google.com with SMTP id\n 71dfb90a1353d-56b67e8c2f5so2205369e0c.0\n for <kernel-team@lists.ubuntu.com>; Thu, 02 Apr 2026 11:49:32 -0700 (PDT)","from georgia.. ([177.220.176.197]) by smtp.gmail.com with ESMTPSA id\n 71dfb90a1353d-56d9bc9b75dsm4359091e0c.12.2026.04.02.11.49.28\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 02 Apr 2026 11:49:29 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1775155772;\n bh=81ShG49oDsR9ESpyNaW9WBjfOyuKkVLUboAk853W4ok=;\n h=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n MIME-Version;\n b=JWjgW0phFM76DXjv8GgcBtP4fImRBjRI126JN+auml1n9zYefoZMUdvBqve9NhIGq\n svAtUmn+7o4JBiFWH1pIkQymFeVuM09/SKxFU5xKIyONvw7dB/Z7EJIt2d1ogRXNLv\n GiKvgzGpJ6bl67c6R4nupmRBgfy3tuwHbCevstdUlB8cEEJUtfZ39A/cN736mkRaBE\n JyZIvQicZzK7MbnJJE+gL1sFxEJsZjGZB86ojnF6xYPFgxI3qieg9Y3JAJaMqXACnW\n QRLxmwA/trUZUV/JcxEWV1Olkd8/NexVycLG2VUZp3ts8K4g+XJSGpbBipm65LMNVK\n TbOHDavzkL/U3kjLRhdxm99FGA0IFW4tA7zbZ1WV/56oo+IxEX+1THjanHM7hpKjnI\n soFn0e3I507ATn0/90G9g676MVD4X4eCxPNbBJQWq1ZYxzda5EyK8PR6VsdMOrWUym\n dnd2FQHMHWi6yyV3DTr8sh4UqTfonx2SxFAfONehf5e1AQF1Md7cnCpRkDkVQpRv9h\n bXOgm+JhqLMvWSp0O8/rlWfIiYyzi/ltOrD4nI1j0e9i8WLUMI4sm6jenUhKg6Dp4Z\n 0GBzvRQss646LQOD1vywpIIXP8wPzX/5HAV9JO1ikh28Kws/Roar+3RxDTg2+oSv7g\n 1D/oXi3gp0a65d0pmtHNKOPY=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775155770; x=1775760570;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=81ShG49oDsR9ESpyNaW9WBjfOyuKkVLUboAk853W4ok=;\n b=D1851A13LYHAcGaCkZWjAeJG+cfXJCpTRel2k6+EbZ4jWtIZSnjb0Bx3XpjRHDOvAR\n rKRwIwXBzjrOBQNipLyOL8w1snwcXQk/CjLENrua3GFeFd2nKutU3TIVsr9TS3Rkwi/d\n Vz6eVI3bhbrhjUWVVQVg99pXa38xby1YwSlxA7NxpruXwx26SGGa1hVmUQK5Eg5TX+pr\n pSwqBO2QZtVdt6j6ehi8VNm3uzX6LdEnt5Bzy1koDo39BdBo58U7Iy5gDn3dLBDhXOOQ\n xjEjvZftoss4DL1r3JUdEHqsrK3tOp0huTc8rv5SOtE5qSa5p9PRxOW4Lm4GdvDmgqrA\n rh2Q==","X-Gm-Message-State":"AOJu0YycYpRZ/tESApLM28QnOTjIh+2j+Tb+njuMnzjd+LJd3GQx7d+f\n P9dmcpmGAlgnnN/OKis7s7gBM18sZYp3yTwJUHBQsExeZTOan/yjFkUA4b/oy3klwatyEN4XLLb\n q5Ye/zskkNBzZagnuuN4URiUop8N8w9IV+PT9fIARb4bbTwwX+ny4WWn/WhY8hJPprPS0UbrEpm\n XzRKAFKXXpj2y8rg==","X-Gm-Gg":"ATEYQzwtG0QGfw5K/dDM4t8H4Gy1DM3OqEKWk55t6B8H3cHIaL1lD7nAy9Uj9qhSoLG\n YLtALlHOdBDy1j1lWvcDVkuhRAU15frMua4fmWATTVUqKxqpA3A9DjTOxMMfx9kvANpeWNm5m+9\n a7WGkYTvSrlV3GJ7s6gLtDVk42jj0VE0kE9HZdKeyULQRwtpMvqKK9b/GKGssOOXC4FkLvFKkmU\n A099mHqmsukKJ2OsiuxixPkvUMh/WLMkE1baZH/ozG1A35vo1rW1dyTAzHf4xm2krvXItbk3YYc\n PrXAgA8oNUFPq8Fngwtl3wriEqWnSjnJWhU9Gx48VkzoxmUtdt3PAeiAGaUJkP+1zANhjqI77L8\n Tqbd8OQC4HnBDN1AfqNm5KMcbwayritznhim21XTGnvXDc+/5YwBuPaiHTbnubEs=","X-Received":["by 2002:a05:6122:c9a:b0:56c:fe16:f54b with SMTP id\n 71dfb90a1353d-56dab98ac50mr94918e0c.11.1775155770497;\n Thu, 02 Apr 2026 11:49:30 -0700 (PDT)","by 2002:a05:6122:c9a:b0:56c:fe16:f54b with SMTP id\n 71dfb90a1353d-56dab98ac50mr94914e0c.11.1775155770095;\n Thu, 02 Apr 2026 11:49:30 -0700 (PDT)"],"From":"Georgia Garcia <georgia.garcia@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][Q][PATCH 1/2] UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor:\n fix fine grained inet mediation sock_file_perm","Date":"Thu,  2 Apr 2026 15:49:22 -0300","Message-ID":"<20260402184923.2681798-2-georgia.garcia@canonical.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260402184923.2681798-1-georgia.garcia@canonical.com>","References":"<20260402184923.2681798-1-georgia.garcia@canonical.com>","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: John Johansen <john.johansen@canonical.com>\n\nBugLink: https://bugs.launchpad.net/bugs/2142860\n\nDuring a rebase the code to wire in the fine grained inet mediation\nfor sock_file_perm got dropped. This breaks network mediation if\nv8/v9 fine grained inet mediation is used.\n\nRestore the dropped code\n\nFixes: ace129477b6b (\"UBUNTU: SAUCE: apparmor5.0.0 [14/38]: apparmor: net: add fine grained ipv4/ipv6 mediation\")\nSigned-off-by: John Johansen <john.johansen@canonical.com>\n(cherry picked from commit 5240899d3fb2e01b88ecceb2c53921dd64b74c75 resolute:linux)\nSigned-off-by: Georgia Garcia <georgia.garcia@canonical.com>\n---\n security/apparmor/net.c | 9 ++++++++-\n 1 file changed, 8 insertions(+), 1 deletion(-)","diff":"diff --git a/security/apparmor/net.c b/security/apparmor/net.c\nindex 71905b57e417..05bc5df5881b 100644\n--- a/security/apparmor/net.c\n+++ b/security/apparmor/net.c\n@@ -356,8 +356,15 @@ int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,\n \tAA_BUG(!sock);\n \tAA_BUG(!sock->sk);\n \n-\tif (sock->sk->sk_family == PF_UNIX)\n+\tswitch (sock->sk->sk_family) {\n+\tcase PF_UNIX:\n \t\treturn aa_unix_file_perm(subj_cred, label, op, request, file);\n+\t\tbreak;\n+\tcase PF_INET:\n+\tcase PF_INET6:\n+\t\treturn aa_inet_file_perm(subj_cred, label, op, request, sock);\n+\t\tbreak;\n+\t}\n \treturn aa_label_sk_perm(subj_cred, label, op, request, sock->sk);\n }\n \n","prefixes":["SRU","Q","1/2"]}