On 2016-02-25 04:02:16, John Johansen wrote:
> On 02/12/2016 04:06 PM, Tyler Hicks wrote:
> > Based on the existing implementations of aa_change_profile(2) and
> > aa_change_onexec(2).
> >
> > Signed-off-by: Tyler Hicks
>
> so this is fine as is and gets
>
> Acked-by: John Johansen
>
> but what do you think about changing the command to just stack
> (see below)?
That's easy. I'll make that change locally. Thanks!
Tyler
>
> The file being written already distinguishes them from each
> other, and if I had it to do over changeprofile would be just
> 'change' or 'set'.
>
>
> > ---
> > libraries/libapparmor/include/sys/apparmor.h | 2 ++
> > libraries/libapparmor/src/kernel.c| 42
> > +++
> > libraries/libapparmor/src/libapparmor.map | 8 +
> > libraries/libapparmor/swig/SWIG/libapparmor.i | 2 ++
> > 4 files changed, 54 insertions(+)
> >
> > diff --git a/libraries/libapparmor/include/sys/apparmor.h
> > b/libraries/libapparmor/include/sys/apparmor.h
> > index 13a6a8c..752a5bd 100644
> > --- a/libraries/libapparmor/include/sys/apparmor.h
> > +++ b/libraries/libapparmor/include/sys/apparmor.h
> > @@ -78,6 +78,8 @@ extern int aa_change_onexec(const char *profile);
> >
> > extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> > extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> > +extern int aa_stack_profile(const char *profile);
> > +extern int aa_stack_onexec(const char *profile);
> >
> > extern char *aa_splitcon(char *con, char **mode);
> > /* Protypes for introspecting task confinement
> > diff --git a/libraries/libapparmor/src/kernel.c
> > b/libraries/libapparmor/src/kernel.c
> > index d2daf8d..108b654 100644
> > --- a/libraries/libapparmor/src/kernel.c
> > +++ b/libraries/libapparmor/src/kernel.c
> > @@ -594,6 +594,48 @@ int (aa_change_hat_vargs)(unsigned long token, int
> > nhats, ...)
> > return aa_change_hatv(argv, token);
> > }
> >
> > +int aa_stack_profile(const char *profile)
> > +{
> > + char *buf = NULL;
> > + int len;
> > + int rc;
> > +
> > + if (!profile) {
> > + errno = EINVAL;
> > + return -1;
> > + }
> > +
> > + len = asprintf(, "stackprofile %s", profile);
> len = asprintf(, "stack %s", profile);
> > + if (len < 0)
> > + return -1;
> > +
> > + rc = setprocattr(aa_gettid(), "current", buf, len);
> > +
> > + free(buf);
> > + return rc;
> > +}
> > +
> > +int aa_stack_onexec(const char *profile)
> > +{
> > + char *buf = NULL;
> > + int len;
> > + int rc;
> > +
> > + if (!profile) {
> > + errno = EINVAL;
> > + return -1;
> > + }
> > +
> > + len = asprintf(, "stackexec %s", profile);
> len = asprintf(, "stack %s", profile);
> > + if (len < 0)
> > + return -1;
> > +
> > + rc = setprocattr(aa_gettid(), "exec", buf, len);
> > +
> > + free(buf);
> > + return rc;
> > +}
> > +
> > /**
> > * aa_gettaskcon - get the confinement context for task @target in an
> > allocated buffer
> > * @target: task to query
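Review bot: The two new exported functions aa_stack_profile() and aa_stack_onexec() carry no kernel-doc block, while the neighbouring aa_gettaskcon() right below them is documented with a `/** ... */` header; a comment per function stating the @profile parameter, the 0/-1 return convention and the errno values a caller can rely on (EINVAL for a NULL profile, otherwise whatever setprocattr() leaves) would make the contract checkable from the header alone. In both bodies `free(buf)` sits between the setprocattr() call and `return rc`, so on libc versions where free() is permitted to modify errno a failing setprocattr()'s errno can be lost before the caller reads it; saving it across the free, `int saved_errno = errno; free(buf); errno = saved_errno;`, closes that gap, and if the existing aa_change_profile()/aa_change_onexec() follow the same pattern they should presumably get the same treatment for consistency. Since the two functions differ only in the command word and the "current"/"exec" attribute name, a single static helper taking those two strings would remove the duplication and keep the validation and cleanup in one place. The first argument of each asprintf() call appears to have been dropped in quoting (presumably `&buf`), so the hunk as shown here cannot be compiled as-is.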
> > diff --git a/libraries/libapparmor/src/libapparmor.map
> > b/libraries/libapparmor/src/libapparmor.map
> > index 98d97ea..5cbd4e8 100644
> > --- a/libraries/libapparmor/src/libapparmor.map
> > +++ b/libraries/libapparmor/src/libapparmor.map
> > @@ -87,6 +87,14 @@ APPARMOR_2.10 {
> > *;
> > } APPARMOR_2.9;
> >
> > +APPARMOR_2.11 {
> > + global:
> > +aa_stack_profile;
> > +aa_stack_onexec;
> > + local:
> > +*;
> > +} APPARMOR_2.10;
> > +
> > PRIVATE {
> > global:
> > _aa_is_blacklisted;
> > diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i
> > b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > index 69b4cc2..005dd7f 100644
> > --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> > +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > @@ -48,6 +48,8 @@ extern int aa_change_profile(const char *profile);
> > extern int aa_change_onexec(const char *profile);
> > extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> > extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> > +extern int aa_stack_profile(const char *profile);
> > +extern int aa_stack_onexec(const char *profile);
> > extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int
> > len,
> > char **mode);
> > extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char
> > **mode);
> >
>