diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-28 14:26:19 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-03-28 14:26:19 -0700 |
commit | 683c5e853ebe2d1ac72128f1828421de7fc3a23c (patch) | |
tree | 5efaa76d16915feea9241966a90ab93fa4d71397 | |
parent | f0f3680e50352c57b6cfc5b0d44d63bb0aa20f80 (diff) | |
parent | 0421ea91ddc7895a5a68d3bc670ed4b8e6448a42 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull an Apparmor bugfix from James Morris.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
apparmor: Fix change_onexec when called from a confined task
-rw-r--r-- | security/apparmor/domain.c | 3 | ||||
-rw-r--r-- | security/apparmor/file.c | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 7c69599a69e..6327685c101 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -410,7 +410,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) * exec\0change_profile */ state = aa_dfa_null_transition(profile->file.dfa, state); - cp = change_profile_perms(profile, cxt->onexec->ns, name, + cp = change_profile_perms(profile, cxt->onexec->ns, + cxt->onexec->base.name, AA_MAY_ONEXEC, state); if (!(cp.allow & AA_MAY_ONEXEC)) diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 3022c0f4f0d..5d176f2530c 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -215,6 +215,8 @@ static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state, /* change_profile wasn't determined by ownership in old mapping */ if (ACCEPT_TABLE(dfa)[state] & 0x80000000) perms.allow |= AA_MAY_CHANGE_PROFILE; + if (ACCEPT_TABLE(dfa)[state] & 0x40000000) + perms.allow |= AA_MAY_ONEXEC; return perms; } |