Re: [apparmor] [PATCH 2/2] libapparmor: Implement aa_stack_profile and aa_stack_onexec

2016-02-25 Thread Tyler Hicks
On 2016-02-25 04:02:16, John Johansen wrote:
> On 02/12/2016 04:06 PM, Tyler Hicks wrote:
> > Based on the existing implementations of aa_change_profile(2) and
> > aa_change_onexec(2).
> > 
> > Signed-off-by: Tyler Hicks 
> 
> so this is fine as is and gets
> 
> Acked-by: John Johansen 
> 
> but what do you think about changing the command to just stack
> (see below)?

That's easy. I'll make that change locally. Thanks!

Tyler

> 
> The file being written already distinguishes them from each
> other, and if I had it to do over changeprofile would be just
> 'change' or 'set'.
> 
> 
> > ---
> >  libraries/libapparmor/include/sys/apparmor.h  |  2 ++
> >  libraries/libapparmor/src/kernel.c| 42 
> > +++
> >  libraries/libapparmor/src/libapparmor.map |  8 +
> >  libraries/libapparmor/swig/SWIG/libapparmor.i |  2 ++
> >  4 files changed, 54 insertions(+)
> > 
> > diff --git a/libraries/libapparmor/include/sys/apparmor.h 
> > b/libraries/libapparmor/include/sys/apparmor.h
> > index 13a6a8c..752a5bd 100644
> > --- a/libraries/libapparmor/include/sys/apparmor.h
> > +++ b/libraries/libapparmor/include/sys/apparmor.h
> > @@ -78,6 +78,8 @@ extern int aa_change_onexec(const char *profile);
> >  
> >  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> >  extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> > +extern int aa_stack_profile(const char *profile);
> > +extern int aa_stack_onexec(const char *profile);
> >  
> >  extern char *aa_splitcon(char *con, char **mode);
> >  /* Protypes for introspecting task confinement
> > diff --git a/libraries/libapparmor/src/kernel.c 
> > b/libraries/libapparmor/src/kernel.c
> > index d2daf8d..108b654 100644
> > --- a/libraries/libapparmor/src/kernel.c
> > +++ b/libraries/libapparmor/src/kernel.c
> > @@ -594,6 +594,48 @@ int (aa_change_hat_vargs)(unsigned long token, int 
> > nhats, ...)
> > return aa_change_hatv(argv, token);
> >  }
> >  
> > +int aa_stack_profile(const char *profile)
> > +{
> > +   char *buf = NULL;
> > +   int len;
> > +   int rc;
> > +
> > +   if (!profile) {
> > +   errno = EINVAL;
> > +   return -1;
> > +   }
> > +
> > +   len = asprintf(, "stackprofile %s", profile);
> len = asprintf(, "stack %s", profile);
> > +   if (len < 0)
> > +   return -1;
> > +
> > +   rc = setprocattr(aa_gettid(), "current", buf, len);
> > +
> > +   free(buf);
> > +   return rc;
> > +}
> > +
> > +int aa_stack_onexec(const char *profile)
> > +{
> > +   char *buf = NULL;
> > +   int len;
> > +   int rc;
> > +
> > +   if (!profile) {
> > +   errno = EINVAL;
> > +   return -1;
> > +   }
> > +
> > +   len = asprintf(, "stackexec %s", profile);
> len = asprintf(, "stack %s", profile);
> > +   if (len < 0)
> > +   return -1;
> > +
> > +   rc = setprocattr(aa_gettid(), "exec", buf, len);
> > +
> > +   free(buf);
> > +   return rc;
> > +}
> > +
> >  /**
> >   * aa_gettaskcon - get the confinement context for task @target in an 
> > allocated buffer
> >   * @target: task to query
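Review bot: The two new functions in kernel.c duplicate the asprintf/setprocattr/free sequence and differ only in the command word and the procattr name (`current` vs `exec`), so one static helper would carry the body once; the same hunk is quoted a second time further down the page. On the failure path `setprocattr()` returns -1 with errno set, and the `free(buf)` that follows is permitted by the C standard to change errno, so callers may not see the error the kernel reported; saving errno around the free keeps the -1/errno contract that the `EINVAL` check at the top establishes. Neither function has the `/** ... */` kernel-doc header the file uses for its public entry points (compare aa_gettaskcon in the trailing context); a header naming `@profile` and stating `Returns: 0 on success, -1 with errno set on failure` would be in keeping. The `asprintf(,` in the quoted lines has presumably lost its `&buf` first argument in the mail rendering; the helper below assumes `&buf` and keeps the original command words, since the shorter `stack` spelling proposed in the reply is a separate decision.
```c
/*
 * stack_attr - write "<cmd> <profile>" to the calling task's @attr procattr file
 * @attr: procattr file to write ("current" or "exec")
 * @cmd: command word understood by that file
 * @profile: profile to stack (must not be NULL)
 *
 * Returns: 0 on success, -1 with errno set on failure.
 */
static int stack_attr(const char *attr, const char *cmd, const char *profile)
{
	char *buf = NULL;
	int len, rc, saved_errno;

	if (!profile) {
		errno = EINVAL;
		return -1;
	}

	len = asprintf(&buf, "%s %s", cmd, profile);
	if (len < 0)
		return -1;

	rc = setprocattr(aa_gettid(), attr, buf, len);
	/* free() may clobber errno; keep the value setprocattr() reported */
	saved_errno = errno;
	free(buf);
	errno = saved_errno;
	return rc;
}

int aa_stack_profile(const char *profile)
{
	return stack_attr("current", "stackprofile", profile);
}

int aa_stack_onexec(const char *profile)
{
	return stack_attr("exec", "stackexec", profile);
}
```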
> > diff --git a/libraries/libapparmor/src/libapparmor.map 
> > b/libraries/libapparmor/src/libapparmor.map
> > index 98d97ea..5cbd4e8 100644
> > --- a/libraries/libapparmor/src/libapparmor.map
> > +++ b/libraries/libapparmor/src/libapparmor.map
> > @@ -87,6 +87,14 @@ APPARMOR_2.10 {
> >  *;
> >  } APPARMOR_2.9;
> >  
> > +APPARMOR_2.11 {
> > +  global:
> > +aa_stack_profile;
> > +aa_stack_onexec;
> > +  local:
> > +*;
> > +} APPARMOR_2.10;
> > +
> >  PRIVATE {
> > global:
> > _aa_is_blacklisted;
> > diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i 
> > b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > index 69b4cc2..005dd7f 100644
> > --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> > +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > @@ -48,6 +48,8 @@ extern int aa_change_profile(const char *profile);
> >  extern int aa_change_onexec(const char *profile);
> >  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> >  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> > +extern int aa_stack_profile(const char *profile);
> > +extern int aa_stack_onexec(const char *profile);
> >  extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int 
> > len,
> >   char **mode);
> >  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char 
> > **mode);
> > 
> 




Re: [apparmor] [PATCH 2/2] libapparmor: Implement aa_stack_profile and aa_stack_onexec

2016-02-25 Thread John Johansen
On 02/12/2016 04:06 PM, Tyler Hicks wrote:
> Based on the existing implementations of aa_change_profile(2) and
> aa_change_onexec(2).
> 
> Signed-off-by: Tyler Hicks 

so this is fine as is and gets

Acked-by: John Johansen 

but what do you think about changing the command to just stack
(see below)?

The file being written already distinguishes them from each
other, and if I had it to do over changeprofile would be just
'change' or 'set'.


> ---
>  libraries/libapparmor/include/sys/apparmor.h  |  2 ++
>  libraries/libapparmor/src/kernel.c| 42 
> +++
>  libraries/libapparmor/src/libapparmor.map |  8 +
>  libraries/libapparmor/swig/SWIG/libapparmor.i |  2 ++
>  4 files changed, 54 insertions(+)
> 
> diff --git a/libraries/libapparmor/include/sys/apparmor.h 
> b/libraries/libapparmor/include/sys/apparmor.h
> index 13a6a8c..752a5bd 100644
> --- a/libraries/libapparmor/include/sys/apparmor.h
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -78,6 +78,8 @@ extern int aa_change_onexec(const char *profile);
>  
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +extern int aa_stack_profile(const char *profile);
> +extern int aa_stack_onexec(const char *profile);
>  
>  extern char *aa_splitcon(char *con, char **mode);
>  /* Protypes for introspecting task confinement
> diff --git a/libraries/libapparmor/src/kernel.c 
> b/libraries/libapparmor/src/kernel.c
> index d2daf8d..108b654 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -594,6 +594,48 @@ int (aa_change_hat_vargs)(unsigned long token, int 
> nhats, ...)
>   return aa_change_hatv(argv, token);
>  }
>  
> +int aa_stack_profile(const char *profile)
> +{
> + char *buf = NULL;
> + int len;
> + int rc;
> +
> + if (!profile) {
> + errno = EINVAL;
> + return -1;
> + }
> +
> + len = asprintf(, "stackprofile %s", profile);
len = asprintf(, "stack %s", profile);
> + if (len < 0)
> + return -1;
> +
> + rc = setprocattr(aa_gettid(), "current", buf, len);
> +
> + free(buf);
> + return rc;
> +}
> +
> +int aa_stack_onexec(const char *profile)
> +{
> + char *buf = NULL;
> + int len;
> + int rc;
> +
> + if (!profile) {
> + errno = EINVAL;
> + return -1;
> + }
> +
> + len = asprintf(, "stackexec %s", profile);
len = asprintf(, "stack %s", profile);
> + if (len < 0)
> + return -1;
> +
> + rc = setprocattr(aa_gettid(), "exec", buf, len);
> +
> + free(buf);
> + return rc;
> +}
> +
>  /**
>   * aa_gettaskcon - get the confinement context for task @target in an 
> allocated buffer
>   * @target: task to query
> diff --git a/libraries/libapparmor/src/libapparmor.map 
> b/libraries/libapparmor/src/libapparmor.map
> index 98d97ea..5cbd4e8 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -87,6 +87,14 @@ APPARMOR_2.10 {
>  *;
>  } APPARMOR_2.9;
>  
> +APPARMOR_2.11 {
> +  global:
> +aa_stack_profile;
> +aa_stack_onexec;
> +  local:
> +*;
> +} APPARMOR_2.10;
> +
>  PRIVATE {
>   global:
>   _aa_is_blacklisted;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i 
> b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 69b4cc2..005dd7f 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -48,6 +48,8 @@ extern int aa_change_profile(const char *profile);
>  extern int aa_change_onexec(const char *profile);
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> +extern int aa_stack_profile(const char *profile);
> +extern int aa_stack_onexec(const char *profile);
>  extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int 
> len,
> char **mode);
>  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char 
> **mode);
> 

