Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.9.5 2016-11-21T07:01:28Z 2016-11-21T07:01:28Z John Johansen john.johansen@canonical.com 2016-09-01T04:10:06Z urn:sha1:3d40658c977769ce2138f286cf131537bf68bdfe After a policy replacement, the task cred may be out of date and need to be updated. However change_hat is using the stale profiles from the out of date cred resulting in either: a stale profile being applied or, incorrect failure when searching for a hat profile as it has been migrated to the new parent profile. Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat) Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied) Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000287 Cc: stable@vger.kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2016-09-28T01:06:21Z Deepa Dinamani deepa.kernel@gmail.com 2016-09-14T14:48:04Z urn:sha1:078cd8279e659989b103359bb22373cc79445bde CURRENT_TIME macro is not appropriate for filesystems as it doesn't use the right granularity for filesystem timestamps. Use current_time() instead. CURRENT_TIME is also not y2038 safe. This is also in preparation for the patch that transitions vfs timestamps to use 64 bit time and hence make them y2038 safe. As part of the effort current_time() will be extended to do range checks. Hence, it is necessary for all file system timestamps to use current_time(). Also, current_time() will be transitioned along with vfs to be y2038 safe. Note that whenever a single call to current_time() is used to change timestamps in different inodes, it is because they share the same time granularity. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Felipe Balbi <balbi@kernel.org> Acked-by: Steven Whitehouse <swhiteho@redhat.com> Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Acked-by: David Sterba <dsterba@suse.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-07-27T07:39:26Z Arnd Bergmann arnd@arndb.de 2016-07-25T17:59:07Z urn:sha1:7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 The newly added Kconfig option could never work and just causes a build error when disabled: security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant. Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2016-07-12T15:43:10Z John Johansen john.johansen@canonical.com 2016-07-10T06:46:33Z urn:sha1:d4d03f74a73f3b8b2801d4d02011b6b69778cbcc Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-12T15:43:10Z Vegard Nossum vegard.nossum@oracle.com 2016-07-07T20:41:11Z urn:sha1:e89b8081327ac9efbf273e790b8677e64fd0361a When proc_pid_attr_write() was changed to use memdup_user apparmor's (interface violating) assumption that the setprocattr buffer was always a single page was violated. The size test is not strictly speaking needed as proc_pid_attr_write() will reject anything larger, but for the sake of robustness we can keep it in. SMACK and SELinux look safe to me, but somebody else should probably have a look just in case. Based on original patch from Vegard Nossum <vegard.nossum@oracle.com> modified for the case that apparmor provides null termination. Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Johansen <john.johansen@canonical.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2016-07-12T15:43:10Z Heinrich Schuchardt xypron.glpk@gmx.de 2016-06-10T21:34:26Z urn:sha1:f4ee2def2d70692ccff0d55353df4ee594fd0017 Do not copy uninitalized fields th.td_hilen, th.td_data. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-12T15:43:10Z John Johansen john.johansen@canonical.com 2016-06-23T01:01:08Z urn:sha1:58acf9d911c8831156634a44d0b022d683e1e50c the policy_lock parameter is a one way switch that prevents policy from being further modified. Unfortunately some of the module parameters can effectively modify policy by turning off enforcement. split policy_admin_capable into a view check and a full admin check, and update the admin check to test the policy_lock parameter. Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-12T15:43:10Z John Johansen john.johansen@canonical.com 2016-06-15T07:00:55Z urn:sha1:5f20fdfed16bc599a325a145bf0123a8e1c9beea BugLink: http://bugs.launchpad.net/bugs/1592547 If unpack_dfa() returns NULL due to the dfa not being present, profile_unpack() is not checking if the dfa is not present (NULL). Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-12T15:43:10Z John Johansen john.johansen@canonical.com 2016-06-15T06:57:55Z urn:sha1:3197f5adf539a3ee6331f433a51483f8c842f890 Signed-off-by: John Johansen <john.johansen@canonical.com> 2016-07-12T15:43:10Z John Johansen john.johansen@canonical.com 2016-06-02T09:37:02Z urn:sha1:15756178c6a65b261a080e21af4766f59cafc112 Signed-off-by: John Johansen <john.johansen@canonical.com>