AppArmor security module

Prev: vhost-net: avoid flush under lock
Next: [PATCH] ecryptfs: dont call lookup_one_len to avoid NULL nameidata

From: Miklos Szeredi on 15 Jul 2010 09:10

---

On Wed, 14 Jul 2010, John Johansen wrote:
> This is the fifth general posting of the newest version of the
> AppArmor security module it has been rewritten to use the security_path
> hooks instead of the previous vfs approach. The current implementation
> is aimed at being as semantically close to previous versions of AppArmor
> as possible while using the existing LSM infrastructure.
>
> Development is on going and
> improvements to file, capability, network, resource usage and ipc mediation
> are planned.
>
> With this submission we believe AppArmor is ready for inclusion into
> the kernel.
>
> _Issues NOT specifically addressed_
> * The d_namespace_path function still manually strips the " (deleted)"
> string that __d_path appends. A fix to __d_path is being pursued
> independently of the AppArmor submission.

Latest posting on that front:

http://lkml.org/lkml/2010/7/6/186

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: Casey Schaufler on 28 Jul 2010 22:40

---

Tetsuo Handa wrote:
> John Johansen wrote:
>
>> With this submission we believe AppArmor is ready for inclusion into
>> the kernel.
>>
> If nobody has objection, I think it is time to add AppArmor for Linux 2.6.36.
>
No objections from me, there is plenty of room in the hottub.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: James Morris on 29 Jul 2010 19:10

---

On Thu, 29 Jul 2010, John Johansen wrote:

> This is the seveth general posting of the newest version of the
> AppArmor security module it has been rewritten to use the security_path
> hooks instead of the previous vfs approach. The current implementation
> is aimed at being as semantically close to previous versions of AppArmor
> as possible while using the existing LSM infrastructure.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Please carry out any further development against the above tree.

Note that I added the patch below to update AA against the latest
version of path_truncate:


commit 08c702abe63c2da88f811d5c9f98eb01eb8edc77
Author: James Morris <jmorris(a)namei.org>
Date: Fri Jul 30 09:02:04 2010 +1000

AppArmor: update path_truncate method to latest version

Remove extraneous path_truncate arguments from the AppArmor hook,
as they've been removed from the LSM API.

Signed-off-by: James Morris <jmorris(a)namei.org>

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 7daf0d5..8db33a8 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -278,8 +278,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
}

-static int apparmor_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+static int apparmor_path_truncate(struct path *path)
{
struct path_cond cond = { path->dentry->d_inode->i_uid,
path->dentry->d_inode->i_mode


--
James Morris
<jmorris(a)namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: Tetsuo Handa on 29 Jul 2010 21:50

---

James Morris wrote:
> Applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Congratulations!

By the way, security/apparmor/Kconfig and security/apparmor/Makefile seems to be missing...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: John Johansen on 29 Jul 2010 22:10

---

On 07/29/2010 06:45 PM, Tetsuo Handa wrote:
> James Morris wrote:
>> Applied to
>> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
>
> Congratulations!
>
thanks, and thankyou for all the reviewing you did

> By the way, security/apparmor/Kconfig and security/apparmor/Makefile seems to be missing...

hrmm,

[PATCH 12/13] AppArmor: Enable configuring and building of the AppArmor security module

Kconfig and Makefiles to enable configuration and building of AppArmor.

Signed-off-by: John Johansen <john.johansen(a)canonical.com>
---
security/Kconfig | 6 ++++++
security/Makefile | 2 ++
security/apparmor/.gitignore | 5 +++++
security/apparmor/Kconfig | 31 +++++++++++++++++++++++++++++++
security/apparmor/Makefile | 24 ++++++++++++++++++++++++
5 files changed, 68 insertions(+), 0 deletions(-)

....
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

 |  Next  |  Last
Pages: 1 2 3
Prev: vhost-net: avoid flush under lock
Next: [PATCH] ecryptfs: dont call lookup_one_len to avoid NULL nameidata