kernel/linux.git/security/apparmor/resource.c, branch v4.20.9

apparmor: fix mediation of prlimit

2018-06-07T08:51:01+00:00

For primit apparmor requires that if target confinement does not match the setting task's confinement, the setting task requires CAP_SYS_RESOURCE. Unfortunately this was broken when rlimit enforcement was reworked to support labels. Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels") Signed-off-by: John Johansen

apparmor: move context.h to cred.h

2018-02-09T19:30:01+00:00

Now that file contexts have been moved into file, and task context fns() and data have been split from the context, only the cred context remains in context.h so rename to cred.h to better reflect what it deals with. Signed-off-by: John Johansen

apparmor: fix spelling mistake: "resoure" -> "resource"

2017-11-21T08:25:44+00:00

Trivial fix to spelling mistake in comment and also with text in audit_resource call. Signed-off-by: Colin Ian King Signed-off-by: John Johansen

apparmor: move resource checks to using labels

2017-06-11T00:11:40+00:00

Signed-off-by: John Johansen

apparmor: move capability checks to using labels

2017-06-11T00:11:40+00:00

Signed-off-by: John Johansen

apparmor: switch from profiles to using labels on contexts

2017-06-11T00:11:38+00:00

Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen

apparmor: convert to profile block critical sections

2017-06-11T00:11:34+00:00

There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen

apparmor: rename apparmor file fns and data to indicate use

2017-06-08T19:51:52+00:00

prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen Reviewed-by: Seth Arnold Reviewed-by: Kees Cook

apparmor: change aad apparmor_audit_data macro to a fn macro

2017-01-16T09:18:47+00:00

The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen

apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task

2016-07-12T15:43:10+00:00

While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit on another task. The only other example of a AppArmor mediating access to another, already running, task (ignoring fork+exec) is ptrace. The AppArmor model for ptrace is that one of the following must be true: 1) The tracer is unconfined 2) The tracer is in complain mode 3) The tracer and tracee are confined by the same profile 4) The tracer is confined but has SYS_CAP_PTRACE 1), 2, and 3) are already true for setrlimit. We can match the ptrace model just by allowing CAP_SYS_RESOURCE. We still test the values of the rlimit since it can always be overridden using a value that means unlimited for a particular resource. Signed-off-by: Jeff Mahoney Signed-off-by: John Johansen