On Tue, Nov 05, 2013 at 05:34:59AM -0800, John Johansen wrote: > Signed-off-by: John Johansen <john.johan...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com> Thanks > --- > security/apparmor/audit.c | 1 + > security/apparmor/include/audit.h | 1 + > security/apparmor/lsm.c | 13 +++++++++++++ > 3 files changed, 15 insertions(+) > > diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c > index 89c7865..6ebebd5 100644 > --- a/security/apparmor/audit.c > +++ b/security/apparmor/audit.c > @@ -36,6 +36,7 @@ const char *const op_table[] = { > "rename_dest", > "chmod", > "chown", > + "chdir", > "getattr", > "open", > > diff --git a/security/apparmor/include/audit.h > b/security/apparmor/include/audit.h > index ba3dfd1..57f5ce8 100644 > --- a/security/apparmor/include/audit.h > +++ b/security/apparmor/include/audit.h > @@ -64,6 +64,7 @@ enum aa_ops { > OP_RENAME_DEST, > OP_CHMOD, > OP_CHOWN, > + OP_CHDIR, > OP_GETATTR, > OP_OPEN, > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 4257b7e..794aa1a 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -364,6 +364,18 @@ static int apparmor_path_chown(struct path *path, kuid_t > uid, kgid_t gid) > return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); > } > > +static int apparmor_path_chdir(struct path *path) > +{ > + struct path_cond cond = { path->dentry->d_inode->i_uid, > + path->dentry->d_inode->i_mode > + }; > + > + if (!mediated_filesystem(path->dentry->d_inode)) > + return 0; > + > + return common_perm(OP_CHDIR, path, MAY_READ, &cond); > +} > + > static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry > *dentry) > { > if (!mediated_filesystem(dentry->d_inode)) > @@ -632,6 +644,7 @@ static struct security_operations apparmor_ops = { > .path_rename = apparmor_path_rename, > .path_chmod = apparmor_path_chmod, > .path_chown = apparmor_path_chown, > + .path_chdir = apparmor_path_chdir, > .path_truncate = apparmor_path_truncate, > .inode_getattr = apparmor_inode_getattr, >
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor