On 2014-10-23 11:51:30, John Johansen wrote:
> From 0c0a584c0d073a51e2e8b4c23e7c96f1d3abc358 Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johan...@canonical.com>
> Date: Wed, 22 Oct 2014 18:04:34 -0400
> Subject: [PATCH] apparmor: add parameter to control whether policy hashing is
> used
>
> Signed-off-by: John Johansen <john.johan...@canonical.com>
Looks good! Acked-by: Tyler Hicks <tyhi...@canonical.com> Tyler
> ---
> security/apparmor/include/apparmor.h | 1 +
> security/apparmor/lsm.c | 4 ++++
> security/apparmor/policy_unpack.c | 5 +++--
> 3 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/security/apparmor/include/apparmor.h
> b/security/apparmor/include/apparmor.h
> index a59a330..7d2f457 100644
> --- a/security/apparmor/include/apparmor.h
> +++ b/security/apparmor/include/apparmor.h
> @@ -52,6 +52,7 @@
> extern enum audit_mode aa_g_audit;
> extern bool aa_g_audit_header;
> extern bool aa_g_debug;
> +extern bool aa_g_hash_policy;
> extern bool aa_g_lock_policy;
> extern bool aa_g_logsyscall;
> extern bool aa_g_paranoid_load;
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index cd2b4f4..5a7eb43 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -1248,6 +1248,10 @@ enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE;
> module_param_call(mode, param_set_mode, param_get_mode,
> &aa_g_profile_mode, S_IRUSR | S_IWUSR);
>
> +/* whether policy verification hashing is enabled */
> +bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH;
> +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR);
> +
> /* Debug mode */
> bool aa_g_debug;
> module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
> diff --git a/security/apparmor/policy_unpack.c
> b/security/apparmor/policy_unpack.c
> index 188d36e..7f63b67 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
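Review bot: The initializer `bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH;` in the lsm.c hunk only compiles when that option is enabled, assuming it is a bool Kconfig symbol, because a disabled bool option leaves the macro undefined rather than defining it to 0. `bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH);` gives the same default and builds either way. The comment could also state the effect of turning the knob off, e.g. `/* whether a verification hash is computed for each profile at load time */`. Whether the `aabool` setter honours `lock_policy` for this new writable parameter is not visible in the hunk and is worth confirming, since the setting changes what is recorded for policy loaded afterwards.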
> @@ -832,8 +832,9 @@ int aa_unpack(void *udata, size_t size, struct list_head
> *lh, const char **ns)
> if (error)
> goto fail_profile;
>
> - error = aa_calc_profile_hash(profile, e.version, start,
> - e.pos - start);
> + if (aa_g_hash_policy)
> + error = aa_calc_profile_hash(profile, e.version, start,
> + e.pos - start);
> if (error)
> goto fail_profile;
>
> --
> 2.1.0
>
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
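Review bot: With `aa_g_hash_policy` off, the new guard in aa_unpack() skips aa_calc_profile_hash() entirely, so profiles loaded in that state presumably carry no hash, and because the parameter is writable at runtime a system can end up with a mix of hashed and unhashed profiles. Any consumer of the profile hash needs to treat a missing hash as unknown rather than as a match; that code is outside this hunk and should be checked. On style, the second `if (error)` now tests a value that can only change inside the guard, so it reads more clearly as one braced block: `if (aa_g_hash_policy) { error = aa_calc_profile_hash(...); if (error) goto fail_profile; }`. The body of aa_unpack() begins and ends outside the hunk.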