Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.132 2026-03-04T12:20:24+00:00 2026-03-04T12:20:24+00:00 John Johansen john.johansen@canonical.com 2025-11-09T22:16:54+00:00 urn:sha1:1f736dfe27c857b78f8461cd7c3dd9640be74b37 [ Upstream commit 6ca56813f4a589f536adceb42882855d91fb1125 ] Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the posix cpu timers when appropriate. Fixes: baa73d9e478ff ("posix-timers: Make them configurable") Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:690f33e1edf5cd996b54094409de0067ae3fa216 [ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ] The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-19T07:46:09+00:00 urn:sha1:30b3669d40ad2400dfac75d1250596b5b0cb241b [ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ] rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-14T07:20:12+00:00 urn:sha1:c57bc80f4508acd8c52bd89b01d324889065320d [ Upstream commit bd7bd201ca46c211c3ab251ca9854787d1331a2f ] Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2023-06-25T01:13:46+00:00 urn:sha1:0e4721f553e287184634225c400d9433a9374c3d [ Upstream commit 13c1748e217078d437727eef333cb0387d13bc0e ] Fix kernel-doc warnings: security/apparmor/resource.c:111: warning: Function parameter or member 'label' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'new_rlim' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'resource' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'task' not described in 'aa_task_setrlimit' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-10-25T07:15:19+00:00 Yang Li yang.lee@linux.alibaba.com 2022-10-14T08:42:55+00:00 urn:sha1:d44c692350d9a376abab46aa0d70587951971068 'resouce' -> 'resource' Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2396 Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-25T05:35:23+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2022-09-26T11:48:38+00:00 urn:sha1:1f2bc06a8dbff73957f433b22c6fd35fccfb47a4 Update the comments for aa_getprocattr() and audit_resource(), the args of them have beed changed since commit 76a1d263aba3 ("apparmor: switch getprocattr to using label_print fns()"). Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T03:47:36+00:00 urn:sha1:1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590 Convert profile->rules to a list as the next step towards supporting multiple rulesets in a profile. For this step only support a single list entry item. The logic for iterating the list will come as a separate step. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-07-30T00:17:31+00:00 urn:sha1:217af7e2f4deb629aaa49622685ccfee923898ca In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-04-19T23:25:55+00:00 urn:sha1:8c4b785a86be1219f7d50f7b38266c454d6a9bbc Audit messages currently don't contain the mediation class which can make them less clear than they should be in some circumstances. With newer mediation classes coming this potential confusion will become worse. Fix this by adding the mediatin class to the messages. Signed-off-by: John Johansen <john.johansen@canonical.com>