
apparmor: export set of capabilities supported by the apparmor module

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

+15 -1
+5 -1
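--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -18,7 +18,11 @@
 cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
 sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
 -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
-echo "};" >> $@
+echo "};" >> $@ ;\
+echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
+sed $< -r -n -e '/CAP_FS_MASK/d' \
+-e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
+tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
 
 
 # Build a lower case string table of rlimit names.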
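Review bot: `echo -n` on the new line 22 is not portable: POSIX leaves `-n` unspecified, and some /bin/sh implementations print it literally or interpret backslash sequences in the argument, so the generated header could begin with a stray `-n` or a mangled `#define` depending on which shell kbuild picks up; `printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\` has neither problem. The new second pass repeats the same CAP_ filter over `$<` as the first, so a one-line comment above the recipe saying that it emits the lowercase capability names space-separated as the `AA_FS_CAPS_MASK` string would save readers of the generated header from re-deriving it. The rule that invokes cmd_make-caps lies outside the hunk.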
+1
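--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -773,6 +773,7 @@
 AA_FS_DIR("file", aa_fs_entry_file),
 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
+AA_FS_DIR("caps", aa_fs_entry_caps),
 { }
 };
 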
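Review bot: The new `caps` directory is added right next to the existing `capability` u64 entry with nothing saying how the two differ, which invites confusion for anyone reading the securityfs layout; a trailing comment on the new line such as `/* caps/mask: names of the capabilities this module knows */` would settle it. `aa_fs_entry_caps` is declared in include/capability.h, and this file's include list is outside the hunk, so confirm apparmorfs.c reaches that declaration directly or through a header it already includes rather than relying on an accidental transitive path. The table being edited starts before the hunk.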
+5
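--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -27,6 +27,11 @@
 */
 #include "capability_names.h"
 
+struct aa_fs_entry aa_fs_entry_caps[] = {
+AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
+{ }
+};
+
 struct audit_cache {
 struct aa_profile *profile;
 kernel_cap_t caps;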
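Review bot: `aa_fs_entry_caps` is a new non-static table exported to another file, yet it carries no comment; a header such as `/* securityfs "caps" dir: "mask" is the space-separated capability name list from capability_names.h */` would document both the file it creates and where the string comes from. The definition also depends on `struct aa_fs_entry` and `AA_FS_FILE_STRING`, which this file appears to receive only transitively now that include/capability.h pulls in apparmorfs.h; an explicit include of apparmorfs.h in capability.c would make that dependency local and survive a later tidy-up of capability.h. The file's own include block is outside the hunk, so this is inferred from what is visible.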
+4
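--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -17,6 +17,8 @@
 
 #include <linux/sched.h>
 
+#include "apparmorfs.h"
+
 struct aa_profile;
 
 /* aa_caps - confinement data for capabilities
@@ -35,6 +37,8 @@
 kernel_cap_t kill;
 kernel_cap_t extended;
 };
+
+extern struct aa_fs_entry aa_fs_entry_caps[];
 
 int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
 int audit);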
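Review bot: The new extern declaration in the second hunk is undocumented while `struct aa_caps` immediately above it has a full comment block; add `/* aa_fs_entry_caps - securityfs entries for the "caps" dir, defined in capability.c */` above it. The `apparmorfs.h` include added in the first hunk is genuinely required, because C does not allow declaring an array whose element type is an incomplete struct, so a forward declaration of `struct aa_fs_entry` would not compile; a short comment on the include saying so would stop a later cleanup from replacing it with a forward declaration. Both hunks presumably sit inside the header's include guard, which is outside the hunk.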