diff options
author | John Johansen <john.johansen@canonical.com> | 2017-12-12 12:02:13 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 22:30:01 +0300 |
commit | 3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf (patch) | |
tree | 243c6b0514015415805b60cd183ea9e25ac0747b /security/apparmor/include/sig_names.h | |
parent | 1d6583d9c6723d78e446dd203ffd974f6b85ab76 (diff) | |
download | linux-3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf.tar.xz |
apparmor: make signal label match work when matching stacked labels
Given a label with a profile stack of
A//&B or A//&C ...
A ptrace rule should be able to specify a generic trace pattern with
a rule like
signal send A//&**,
however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.
To fix this refactor the cross check to pass the full peer label in to
the label_match.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/sig_names.h')
0 files changed, 0 insertions, 0 deletions