<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/security/apparmor/domain.c, branch v7.0.11</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.11</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.11'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-01-29T09:27:55+00:00</updated>
<entry>
<title>apparmor: split xxx_in_ns into its two separate semantic use cases</title>
<updated>2026-01-29T09:27:55+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-12-25T09:21:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=796c146fa6c8289afc9e18004c21bfe05c75a487'/>
<id>urn:sha1:796c146fa6c8289afc9e18004c21bfe05c75a487</id>
<content type='text'>
This patch doesn't change current functionality; it switches the two
uses of the in_ns fns and macros into the two semantically different
cases they are used for.

xxx_in_scope for checking mediation interaction between profiles
xxx_in_view to determine which profiles are visible. The scope will
always be a subset of the view as profiles that cannot see each
other cannot interact.

The split cannot be completely done for label_match because it has two
distinct uses: matching permission against label in scope, and checking
if a transition to a profile is allowed. The transition to a profile
can include profiles that are in view but not in scope, so retain this
distinction as a parameter.

While at the moment the two uses are very similar, in the future there
will be additional differences. So make sure the semantic differences
are present in the code.

Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: make str table more generic and be able to have multiple entries</title>
<updated>2026-01-22T12:56:39+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-08-01T09:21:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=c140dcd1246bfe705921ca881bbb247ff1ba2bca'/>
<id>urn:sha1:c140dcd1246bfe705921ca881bbb247ff1ba2bca</id>
<content type='text'>
The strtable is currently limited to a single entry string on unpack
even though domain has the concept of multiple entries within it. Make
this a reality as it will be used for tags and more advanced domain
transitions.

Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: transition from a list of rules to a vector of rules</title>
<updated>2025-07-20T09:31:06+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-02-17T09:46:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=9afdc6abb007d5a86f54e9f10870ac1468155ca5'/>
<id>urn:sha1:9afdc6abb007d5a86f54e9f10870ac1468155ca5</id>
<content type='text'>
The set of rules on a profile is not dynamically extended, instead
if a new ruleset is needed a new version of the profile is created.
This allows us to use a vector of rules instead of a list, slightly
reducing memory usage and simplifying the code.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: remove redundant perms.allow MAY_EXEC bitflag set</title>
<updated>2025-07-20T09:19:28+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-06-23T21:58:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=4ce7d3cf5ad846a8843f8afc78de2a8309f74f12'/>
<id>urn:sha1:4ce7d3cf5ad846a8843f8afc78de2a8309f74f12</id>
<content type='text'>
This section of profile_transition that occurs after x_to_label only
happens if perms.allow already has the MAY_EXEC bit set, so we don't need
to set it again.

Fixes: 16916b17b4f8 ("apparmor: force auditing of conflicting attachment execs from confined")
Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: force auditing of conflicting attachment execs from confined</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=16916b17b4f80f99aad2ad29ad112313539ad219'/>
<id>urn:sha1:16916b17b4f80f99aad2ad29ad112313539ad219</id>
<content type='text'>
Conflicting attachment paths are an error state that results in the
binary in question executing under an unexpected ix/ux fallback. As such,
it should be audited to record the occurrence of conflicting attachments.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: include conflicting attachment info for confined ix/ux fallback</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=b824b5f82bbc8ace0982391a1718b04a1f93346e'/>
<id>urn:sha1:b824b5f82bbc8ace0982391a1718b04a1f93346e</id>
<content type='text'>
Instead of silently overwriting the conflicting profile attachment string,
include that information in the ix/ux fallback string that gets set as info
instead. Also add a warning print if some other info is set that would be
overwritten by the ix/ux fallback string or by the profile not found error.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: move the "conflicting profile attachments" infostr to a const declaration</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=e76d733b1b1ff0bec6a305341fda3fe937fbf51f'/>
<id>urn:sha1:e76d733b1b1ff0bec6a305341fda3fe937fbf51f</id>
<content type='text'>
Instead of having a literal, making this a constant will allow for (hacky)
detection of conflicting profile attachments from inspection of the info
pointer. This is used in the next patch to augment the information provided
through domain.c:x_to_label for ix/ux fallback.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: force audit on unconfined exec if info is set by find_attach</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=89a3561e69e5187fcce302eef429acd38aec1277'/>
<id>urn:sha1:89a3561e69e5187fcce302eef429acd38aec1277</id>
<content type='text'>
find_attach may set info if something unusual happens during that process
(currently only used to signal conflicting attachments, but this could be
expanded in the future). This is information that should be propagated to
userspace via an audit message.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: fix typos and spelling errors</title>
<updated>2025-02-10T19:17:49+00:00</updated>
<author>
<name>Tanya Agarwal</name>
<email>tanyaagarwal25699@gmail.com</email>
</author>
<published>2025-01-23T19:21:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=aabbe6f908d8264cd8aeeef8141665f71668ef36'/>
<id>urn:sha1:aabbe6f908d8264cd8aeeef8141665f71668ef36</id>
<content type='text'>
Fix typos and spelling errors in apparmor module comments that were
identified using the codespell tool.
No functional changes - documentation only.

Signed-off-by: Tanya Agarwal &lt;tanyaagarwal25699@gmail.com&gt;
Reviewed-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: fix x_table_lookup when stacking is not the first entry</title>
<updated>2025-01-18T14:47:12+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2024-01-03T05:54:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=a9eb185be84e998aa9a99c7760534ccc06216705'/>
<id>urn:sha1:a9eb185be84e998aa9a99c7760534ccc06216705</id>
<content type='text'>
x_table_lookup currently does stacking during label_parse() if the
target specifies a stack but its only caller ensures that it will
never be used with stacking.

Refactor to slightly simplify the code in x_to_label(); this
also fixes a long-standing problem where x_to_label's check on stacking
is only on the first element of the table option list, instead of
the element that is found and used.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
</feed>
