Merge tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor fix from John Johansen:
"This fixes a regression when the kernel feature set is reported as
supporting mount and policy is pinned to a feature set that does not
support mount mediation"

* tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: fix regression in mount mediation when feature set is pinned

Changed files
+11 -1
security
apparmor
+11 -1
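--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -329,6 +329,9 @@
 AA_BUG(!mntpath);
 AA_BUG(!buffer);
 
+if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
+return 0;
+
 error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,
 &mntpnt, &info, profile->disconnected);
 if (error)
@@ -382,6 +379,9 @@
 
 AA_BUG(!profile);
 AA_BUG(devpath && !devbuffer);
+
+if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
+return 0;
 
 if (devpath) {
 error = aa_path_name(devpath, path_flags(profile, devpath),
@@ -564,6 +558,9 @@
 AA_BUG(!profile);
 AA_BUG(!path);
 
+if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
+return 0;
+
 error = aa_path_name(path, path_flags(profile, path), buffer, &name,
 &info, profile->disconnected);
 if (error)
@@ -622,7 +613,8 @@
 AA_BUG(!new_path);
 AA_BUG(!old_path);
 
-if (profile_unconfined(profile))
+if (profile_unconfined(profile) ||
+!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
 return aa_get_newest_label(&profile->label);
 
 error = aa_path_name(old_path, path_flags(profile, old_path),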
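Review bot: The guard added at new lines 332-333 returns 0, i.e. permits the mount operation, whenever the profile's policy does not mediate AA_CLASS_MOUNT, and nothing in the code marks this as a deliberate fail-open; the same uncommented guard is repeated at new lines 383-384, 561-562 and 616-617. A one-line comment above each guard would stop a later reader from mistaking it for a mediation bypass, for example `/* policy pinned to a feature set without mount rules: nothing to mediate, allow */`. Because the return sits before aa_path_name() and, as far as these hunks show, before any audit call, operations allowed this way appear to leave no audit record; the same comment should say so, so that responders know a missing mount event is expected for such profiles. All four enclosing functions start and end outside the visible hunks, so whether a shared helper could hold the check once cannot be judged from here.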