authorJohn Johansen <john.johansen@canonical.com>2017-01-16 11:42:45 +0300
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 12:18:35 +0300
commita71ada305801e940ff69c2c58489778760e5148b (patch)
tree4fc18f426bff2471c50b87c5b5c6df4749deee11 /security/apparmor/include/policy_ns.h
parent34c426acb75cc21bdf84685e106db0c1a3565057 (diff)
apparmor: add special .null file used to "close" fds at exec
Borrow the special null device file from selinux to "close" fds that don't have sufficient permissions at exec time. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/policy_ns.h')
-rw-r--r--security/apparmor/include/policy_ns.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h
index 820d86d266fe..89cffddd7e75 100644
--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -44,6 +44,7 @@ struct aa_ns_acct {
* @sub_ns: list of namespaces under the current namespace.
* @uniq_null: uniq value used for null learning profiles
* @uniq_id: a unique id count for the profiles in the namespace
+ * @level: level of ns within the tree hierarchy
* @dents: dentries for the namespaces file entries in apparmorfs
*
* An aa_ns defines the set profiles that are searched to determine which
@@ -66,6 +67,7 @@ struct aa_ns {
struct list_head sub_ns;
atomic_t uniq_null;
long uniq_id;
+ int level;
struct dentry *dents[AAFS_NS_SIZEOF];
};
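Review bot: The new `int level;` member of struct aa_ns is documented in the first hunk only as "level of ns within the tree hierarchy", which does not say what value the root namespace has, who assigns the field, or whether it can change after the namespace is created. A reader of this header cannot tell whether a comparison on `level` is safe to use for a depth limit or a parent/child check, so the kernel-doc line should spell that out, for example `* @level: depth of this ns in the namespace tree (root ns is <base value>), set when the ns is created`, with the base value taken from the code that initialises it. Since a depth is presumably never negative, `unsigned int level;` would state that in the type and avoid signed/unsigned surprises in any later bound check. The commit message describes only the .null file, and this view is limited to policy_ns.h, so the assignment and use of `level` are not visible here; struct aa_ns also begins outside the hunk.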