linux.git/security/apparmor/include, branch v3.12-rc2 Linux kernel source tree apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14T18:42:08+00:00 John Johansen john.johansen@canonical.com 2013-08-14T18:27:36+00:00 f8eb8a1324e81927b2c64823b2fc38386efd3fef Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
Provide userspace the ability to introspect a sha1 hash value for each
profile currently loaded.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: export set of capabilities supported by the apparmor module 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-08-14T18:27:32+00:00 84f1f787421cd83bb7dfb34d584586f6a5fe7baa Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: add an optional profile attachment string for profiles 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:17:43+00:00 556d0be74b19cb6288e5eb2f3216eac247d87968 Add the ability to take in and report a human readable profile attachment string for profiles so that attachment specifications can be easily inspected. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
Add the ability to take in and report a human readable profile attachment
string for profiles so that attachment specifications can be easily
inspected.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: add interface files for profiles and namespaces 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:13:43+00:00 0d259f043f5f60f74c4fd020aac190cb6450e918 Add basic interface files to access namespace and profile information. The interface files are created when a profile is loaded and removed when the profile or namespace is removed. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Add basic interface files to access namespace and profile information.
The interface files are created when a profile is loaded and removed
when the profile or namespace is removed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: allow setting any profile into the unconfined state 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:12:43+00:00 038165070aa55375d4bdd2f84b34a486feca63d6 Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: make free_profile available outside of policy.c 2013-08-14T18:42:06+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:11:43+00:00 8651e1d6572bc2c061073f05fabcd7175789259d Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rework namespace free path 2013-08-14T18:42:06+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:10:43+00:00 742058b0f3a2ed32e2a7349aff97989dc4e32452 namespaces now completely use the unconfined profile to track the refcount and rcu freeing cycle. So rework the code to simplify (track everything through the profile path right up to the end), and move the rcu_head from policy base to profile as the namespace no longer needs it. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
namespaces now completely use the unconfined profile to track the
refcount and rcu freeing cycle. So rework the code to simplify (track
everything through the profile path right up to the end), and move the
rcu_head from policy base to profile as the namespace no longer needs
it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: update how unconfined is handled 2013-08-14T18:42:06+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:08:43+00:00 fa2ac468db510c653499a47c1ec3deb045bf4763 ns->unconfined is being used read side without locking, nor rcu but is being updated when a namespace is removed. This works for the root ns which is never removed but has a race window and can cause failures when children namespaces are removed. Also ns and ns->unconfined have a circular refcounting dependency that is problematic and must be broken. Currently this is done incorrectly when the namespace is destroyed. Fix this by forward referencing unconfined via the replacedby infrastructure instead of directly updating the ns->unconfined pointer. Remove the circular refcount dependency by making the ns and its unconfined profile share the same refcount. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
ns->unconfined is being used read side without locking, nor rcu but is
being updated when a namespace is removed. This works for the root ns
which is never removed but has a race window and can cause failures when
children namespaces are removed.

Also ns and ns->unconfined have a circular refcounting dependency that
is problematic and must be broken. Currently this is done incorrectly
when the namespace is destroyed.

Fix this by forward referencing unconfined via the replacedby infrastructure
instead of directly updating the ns->unconfined pointer.

Remove the circular refcount dependency by making the ns and its unconfined
profile share the same refcount.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: change how profile replacement update is done 2013-08-14T18:42:06+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:07:43+00:00 77b071b34045a0c65d0e1f85f3d47fd2b8b7a8a1 remove the use of replaced by chaining and move to profile invalidation and lookup to handle task replacement. Replacement chaining can result in large chains of profiles being pinned in memory when one profile in the chain is use. With implicit labeling this will be even more of a problem, so move to a direct lookup method. Signed-off-by: John Johansen <john.johansen@canonical.com> 
remove the use of replaced by chaining and move to profile invalidation
and lookup to handle task replacement.

Replacement chaining can result in large chains of profiles being pinned
in memory when one profile in the chain is use. With implicit labeling
this will be even more of a problem, so move to a direct lookup method.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: convert profile lists to RCU based locking 2013-08-14T18:42:06+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:06:43+00:00 01e2b670aa898a39259bc85c78e3d74820f4d3b6 Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>