Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2023-10-18T22:58:49+00:00 2023-10-18T22:58:49+00:00 Georgia Garcia georgia.garcia@canonical.com 2023-03-20T17:43:41+00:00 urn:sha1:c4371d90633b73cf6e86aff43ff2b5d95ad2b9eb For now, the io_uring mediation is limited to sqpoll and override_creds. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:29+00:00 John Johansen john.johansen@canonical.com 2022-09-14T07:20:12+00:00 urn:sha1:bd7bd201ca46c211c3ab251ca9854787d1331a2f Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-07-30T00:17:31+00:00 urn:sha1:217af7e2f4deb629aaa49622685ccfee923898ca In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T06:57:51+00:00 urn:sha1:3dfd16ab697ff23973b6fbb89808372bcd008dd1 Perm accumulation is going to be used much more frequently so let the compiler figure out if it can be optimized when used. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T06:53:29+00:00 urn:sha1:0bece4fa97a2bd397da66d4fced78f76eb214a3e accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T10:33:43+00:00 urn:sha1:90917d5b6866df79d892087ba51b46c983d2fcfe add indexes for label and tag entries. Rename the domain table to the str_table as its a shared string table with label and tags. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T10:29:19+00:00 urn:sha1:ae6d35ed0a481824a8730c39d5b319c8a76ea00e Allow the xindex to have 2^24 entries. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T08:53:46+00:00 urn:sha1:e844fe9b51c984472ea98be3b2d1201ba9ee3213 Remap polidydb dfa accept table from embedded perms to an index, and then move the perm lookup to use the accept entry as an index into the perm table. This is done so that the perm table can be separated from the dfa, allowing dfa accept to index to share expanded permission sets. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2021-04-10T09:09:44+00:00 urn:sha1:bf690f59d0429c62de4db1234f16557eedcb39bf The shared permissions struct has the stop field which is unneeded and the "reserved" subtree field commented which is needed. Also reorganize so that the entries are logically grouped. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2020-11-17T09:38:16+00:00 urn:sha1:e2967ede22978f132cd52929edff96c701bde0eb Rather than computing policydb permissions for each access permissions can be computed once on profile load and stored for lookup. Signed-off-by: John Johansen <john.johansen@canonical.com>