github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 22:14:04 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
86396a494e
linux/security
History
John Johansen 86396a494e apparmor: fix introspection of of task mode for unconfined tasks 
[ Upstream commit dd2569fbb0 ]

Fix two issues with introspecting the task mode.

1. If a task is attached to a unconfined profile that is not the
   ns->unconfined profile then. Mode the mode is always reported
   as -

      $ ps -Z
      LABEL                               PID TTY          TIME CMD
      unconfined                         1287 pts/0    00:00:01 bash
      test (-)                           1892 pts/0    00:00:00 ps

   instead of the correct value of (unconfined) as shown below

      $ ps -Z
      LABEL                               PID TTY          TIME CMD
      unconfined                         2483 pts/0    00:00:01 bash
      test (unconfined)                  3591 pts/0    00:00:00 ps

2. if a task is confined by a stack of profiles that are unconfined
   the output of label mode is again the incorrect value of (-) like
   above, instead of (unconfined). This is because the visibile
   profile count increment is skipped by the special casing of
   unconfined.

Fixes: f1bd904175 ("apparmor: add the base fns() for domain labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-06-25 15:32:51 +02:00
..
apparmor apparmor: fix introspection of of task mode for unconfined tasks 2020-06-25 15:32:51 +02:00
integrity ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-22 09:05:26 +02:00
keys mm: add kvfree_sensitive() for freeing sensitive data objects 2020-06-22 09:05:01 +02:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux selinux: properly handle multiple messages in selinux_netlink_send() 2020-05-06 08:13:32 +02:00
smack Smack: slab-out-of-bounds in vsscanf 2020-06-22 09:05:08 +02:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 14:43:38 +00:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c exec: Always set cap_ambient in cap_bprm_set_creds 2020-06-03 08:19:38 +02:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig Revert "x86/mm/legacy: Populate the user page-table with user pgd's" 2018-09-14 17:08:45 +02:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
Makefile
min_addr.c
security.c LSM: generalize flag passing to security_capable 2020-01-23 08:21:29 +01:00