[AppArmor 00/45] AppArmor security module overview

Previous thread: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching by jjohansen on Monday, May 14, 2007 - 4:06 am. (156 messages)

Next thread: [AppArmor 18/45] Pass struct vfsmount to the inode_unlink LSM hook by jjohansen on Monday, May 14, 2007 - 4:06 am. (1 message)
From: jjohansen
Date: Monday, May 14, 2007 - 4:06 am

lkml-explanatory.txt


From: John Johansen
Date: Monday, May 14, 2007 - 6:50 am

and with the actual introductory text this time

This post contains patches to include the AppArmor application security
framework, with request for inclusion.  It contains fixes for almost
all of the feedback received from the previous post.  A second follow
up posting will address passing NULL nameidata.

Changes since previous post:

 - Refactor d_path() patches: Separate changes to d_path(), getcwd(),
   and /proc/mounts from __d_path() cleanups.

 - Switch from file_permission() to vfs_permission() in do_path_lookup()
   and sys_fchdir(): this avoids calling permission() with a NULL nameidata
   there.

 - Fix file_permission() to not use NULL nameidata for its remaining users:
   it makes little sense to replace file_permission() with vfs_permission()
   everywhere.

 - Remove special casing for access to /proc/self/attr/current by adding
   rules to policy user side.

 - Remove redundant fn's in lsm.c by calling cap functions directly from
   the security operations vector.

 - Disallow ptracing process with different namespace.

 - Use beX_to_cpu instead of ntoX in dfa unpack code.

 - Fix potential overflow in unpack bounds checking.

 - Limit profile recursion depth to 1 level.

 - Factor out sysctl pathname code from selinux to add generic
   sysctl_pathname() function in kernel/sysctl.c. Replace special casing of
   sysctl write with finer grained mediation using sysctl_pathname() function
   to provide pathname for sysctl mediation.

 - Escape special characters in pathnames when used in audit messages.

 - Remove use of task->comm from audit messages.  The use of task->comm was
   incorrect and only used as a human readable hint.

 - Some structural cleanups on AppArmor's audit code paths.

 - Set LOOKUP_CONTINUE flag when checking parent permissions.  This allows
   permission functions to tell between parent and leaf checks. Check for
   (LOOKUP_PARENT | LOOKUP_CONTINUE) in the inode_permission apparmor hook.

 - Drop rejection of CLONE_NEWNS ...