Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2025-08-20T16:30:46+00:00 2025-08-20T16:30:46+00:00 Gabriel Totev gabriel.totev@zetier.com 2025-04-16T22:42:08+00:00 urn:sha1:cbc395f3bad973f65b8e4c97cfa7dbd51584a345 [ Upstream commit c5bf96d20fd787e4909b755de4705d52f3458836 ] When using AppArmor profiles inside an unprivileged container, the link operation observes an unshifted ouid. (tested with LXD and Incus) For example, root inside container and uid 1000000 outside, with `owner /root/link l,` profile entry for ln: /root$ touch chain && ln chain link ==> dmesg apparmor="DENIED" operation="link" class="file" namespace="root//lxd-feet_<var-snap-lxd-common-lxd>" profile="linkit" name="/root/link" pid=1655 comm="ln" requested_mask="l" denied_mask="l" fsuid=1000000 ouid=0 [<== should be 1000000] target="/root/chain" Fix by mapping inode uid of old_dentry in aa_path_link() rather than using it directly, similarly to how it's mapped in __file_path_perm() later in the file. Signed-off-by: Gabriel Totev <gabriel.totev@zetier.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-05-10T15:44:43+00:00 Colin Ian King colin.i.king@gmail.com 2024-03-04T16:36:55+00:00 urn:sha1:4a8db3678403e34c31df6b99a26414d5e183538c The inlined function is_deleted is redundant, it is not called at all from any function in security/apparmor/file.c and so it can be removed. Cleans up clang scan build warning: security/apparmor/file.c:153:20: warning: unused function 'is_deleted' [-Wunused-function] Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:47+00:00 John Johansen john.johansen@canonical.com 2023-04-28T12:32:52+00:00 urn:sha1:98b824ff8984fd523fc264fbb13208098ab09da3 With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:38+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:90c436a64a6e20482a9a613c47eb4af2e8a5328e The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:34+00:00 John Johansen john.johansen@canonical.com 2022-09-19T07:46:09+00:00 urn:sha1:d20f5a1a6e792d22199c9989ec7ab9e95c48d60c rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:29+00:00 John Johansen john.johansen@canonical.com 2022-09-14T07:20:12+00:00 urn:sha1:bd7bd201ca46c211c3ab251ca9854787d1331a2f Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-07-10T08:07:54+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2023-06-25T01:13:42+00:00 urn:sha1:3175df8032d9486c6d6875256144aa027d905d3f Fix kernel-doc warnings: security/apparmor/file.c:177: warning: Excess function parameter 'dfa' description in 'aa_lookup_fperms' security/apparmor/file.c:177: warning: Function parameter or member 'file_rules' not described in 'aa_lookup_fperms' security/apparmor/file.c:202: warning: Excess function parameter 'dfa' description in 'aa_str_perms' security/apparmor/file.c:202: warning: Excess function parameter 'state' description in 'aa_str_perms' security/apparmor/file.c:202: warning: Function parameter or member 'file_rules' not described in 'aa_str_perms' security/apparmor/file.c:202: warning: Function parameter or member 'start' not described in 'aa_str_perms' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-07-07T16:55:31+00:00 Linus Torvalds torvalds@linux-foundation.org 2023-07-07T16:55:31+00:00 urn:sha1:70806ee18a871140a73a2524a29865e1d904348c Pull apparmor updates from John Johansen: - fix missing error check for rhashtable_insert_fast - add missing failure check in compute_xmatch_perms - fix policy_compat permission remap with extended permissions - fix profile verification and enable it - fix kzalloc perms tables for shared dfas - Fix kernel-doc header for verify_dfa_accept_index - aa_buffer: Convert 1-element array to flexible array - Return directly after a failed kzalloc() in two functions - fix use of strcpy in policy_unpack_test - fix kernel-doc complaints - Fix some kernel-doc comments * tag 'apparmor-pr-2023-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: Fix kernel-doc header for verify_dfa_accept_index apparmor: fix: kzalloc perms tables for shared dfas apparmor: fix profile verification and enable it apparmor: fix policy_compat permission remap with extended permissions apparmor: aa_buffer: Convert 1-element array to flexible array apparmor: add missing failure check in compute_xmatch_perms apparmor: fix missing error check for rhashtable_insert_fast apparmor: Return directly after a failed kzalloc() in two functions AppArmor: Fix some kernel-doc comments apparmor: fix use of strcpy in policy_unpack_test apparmor: fix kernel-doc complaints 2023-01-19T08:24:29+00:00 Christian Brauner brauner@kernel.org 2023-01-13T11:49:30+00:00 urn:sha1:e67fe63341b8117d7e0d9acf0f1222d5138b9266 Convert to struct mnt_idmap. Remove legacy file_mnt_user_ns() and mnt_user_ns(). Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org> 2023-01-10T18:04:35+00:00 Randy Dunlap rdunlap@infradead.org 2023-01-02T20:45:12+00:00 urn:sha1:76862af5d1add618f0cc99868bc729925f9551d2 Correct kernel-doc notation to placate kernel-doc W=1 warnings: security/apparmor/policy.c:439: warning: duplicate section name 'Return' security/apparmor/secid.c:57: warning: Cannot understand * security/apparmor/file.c:174: warning: cannot understand function prototype: 'struct aa_perms default_perms = ' Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: John Johansen <john.johansen@canonical.com> Cc: John Johansen <john@apparmor.net> Cc: apparmor@lists.ubuntu.com Cc: Paul Moore <paul@paul-moore.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com>