Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
 libraries/libapparmor/include/sys/apparmor.h | 4 ++--
 libraries/libapparmor/src/kernel_interface.c | 13 +++++++------
 libraries/libapparmor/src/policy_cache.c | 2 +-
 parser/parser_main.c | 4 ++--
 4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 2643cde..435fb09 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -127,13 +127,13 @@ void aa_kernel_interface_unref(aa_kernel_interface *kernel_interface);
 int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
 const char *buffer, size_t size);
 int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path);
+ int dirfd, const char *path);
 int aa_kernel_interface_load_policy_from_fd(aa_kernel_interface *kernel_interface,
 int fd);
 int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
 const char *buffer, size_t size);
 int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path);
+ int dirfd, const char *path);
 int aa_kernel_interface_replace_policy_from_fd(aa_kernel_interface *kernel_interface,
 int fd);
 int aa_kernel_interface_remove_policy(aa_kernel_interface *kernel_interface,
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 15b171f..293c93d 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -183,11 +183,12 @@ static int write_policy_fd_to_iface(aa_kernel_interface *kernel_interface,
 }
 static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
- const char *iface_file, const char *path)
+ const char *iface_file,
+ int dirfd, const char *path)
 {
 autoclose int fd;
- fd = open(path, O_RDONLY);
+ fd = openat(dirfd, path, O_RDONLY);
 if (fd == -1)
 return -1;
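Review bot: Inserting `dirfd` before `path` in the exported prototypes of aa_kernel_interface_load_policy_from_file() and aa_kernel_interface_replace_policy_from_file() breaks source and binary compatibility for any existing two-argument caller, and nothing in this header tells a caller what the new argument means. Whether these symbols have already shipped in a released libapparmor is not visible here; if they have, the change needs a symbol-version or soname update. I would also add a comment above both declarations, for example `/* dirfd: directory fd that a relative path is resolved against, or AT_FDCWD; ignored when path is absolute (see openat(2)) */`.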
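Review bot: The descriptor returned by the new `openat(dirfd, path, O_RDONLY)` in write_policy_file_to_iface() is opened without `O_CLOEXEC`, so in a multi-threaded user of libapparmor a fork/exec in another thread can inherit the open policy file before `autoclose` runs. `fd = openat(dirfd, path, O_RDONLY | O_CLOEXEC);` closes that window. openat() also ignores `dirfd` when `path` is absolute, so a caller that passes a directory fd to pin the lookup only gets that guarantee for relative names; that deserves a line in a comment on this function. The rest of the function body lies outside the hunk.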
@@ -312,10 +313,10 @@ int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
 * Returns: 0 on success, -1 on error with errno set
 */
 int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path)
+ int dirfd, const char *path)
 {
 return write_policy_file_to_iface(kernel_interface, AA_IFACE_FILE_LOAD,
- path);
+ dirfd, path);
 }
 /**
@@ -356,10 +357,10 @@ int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
 * Returns: 0 on success, -1 on error with errno set
 */
 int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path)
+ int dirfd, const char *path)
 {
 return write_policy_file_to_iface(kernel_interface,
- AA_IFACE_FILE_REPLACE, path);
+ AA_IFACE_FILE_REPLACE, dirfd, path);
 }
 /**
diff --git a/libraries/libapparmor/src/policy_cache.c b/libraries/libapparmor/src/policy_cache.c
index 515e2d0..a5eff24 100644
--- a/libraries/libapparmor/src/policy_cache.c
+++ b/libraries/libapparmor/src/policy_cache.c
@@ -119,7 +119,7 @@ static int replace_all_cb(int dirfd unused, const char *name, struct stat *st,
 return -1;
 }
 retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
- path);
+ -1, path);
 }
 return retval;
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 428c3ea..555620d 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -600,7 +600,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
 if (kernel_load) {
 if (option == OPTION_ADD) {
 retval = profilename ?
- aa_kernel_interface_load_policy_from_file(kernel_interface, profilename) :
+ aa_kernel_interface_load_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
 aa_kernel_interface_load_policy_from_fd(kernel_interface, 0);
 if (retval == -1) {
 retval = errno;
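Review bot: The doc comment above aa_kernel_interface_load_policy_from_file() is not extended for the new parameter: the 13 changed lines the diffstat reports for kernel_interface.c are all visible in its three hunks, and none of them adds a `dirfd` entry. Add a line such as ` * @dirfd: directory fd used to resolve a relative @path, or AT_FDCWD`, adapted to whatever form the existing parameter entries use, since the top of the comment block is outside the hunk. The same line is missing for aa_kernel_interface_replace_policy_from_file() in the next hunk.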
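Review bot: Passing `-1` as the directory fd in replace_all_cb() makes this call work only while `path` is absolute, because openat() with an invalid dirfd and a relative path fails with EBADF where the old open(path) resolved against the current directory. How `path` is built is outside the hunk, so that assumption cannot be checked here. The callback already receives `dirfd` and `name` (with `dirfd` still marked `unused`), so `retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface, dirfd, name);` would open the entry relative to the directory being walked instead of re-resolving a full path that could change between the walk and the open. If that is planned for a later patch in the series, `AT_FDCWD` in place of `-1` at least keeps the previous behaviour in the meantime.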
@@ -610,7 +610,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
 }
 } else if (option == OPTION_REPLACE) {
 retval = profilename ?
- aa_kernel_interface_replace_policy_from_file(kernel_interface, profilename) :
+ aa_kernel_interface_replace_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
 aa_kernel_interface_replace_policy_from_fd(kernel_interface, 0);
 if (retval == -1) {
 retval = errno;
--
2.1.4
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor