On Thu, Feb 08, 2018 at 04:04:37PM -0800, John Johansen wrote:
> > If this step fails before completion, the xattrs array may have some
> > entries that weren't properly initialized; I suspect the free operation
> > will cause serious trouble in this case.
> >
> yep we can switch the kmalloc_array
On 02/08/2018 02:07 PM, Seth Arnold wrote:
> Hello,
>
> On Thu, Feb 08, 2018 at 12:37:19PM -0800, John Johansen wrote:
>> +static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
>> +{
>> +void *pos = e->pos;
>> +
>> +if (unpack_nameX(e, AA_STRUCT, "xattrs")) {
>> +
Hello,
On Thu, Feb 08, 2018 at 12:37:19PM -0800, John Johansen wrote:
> +static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
> +{
> + void *pos = e->pos;
> +
> + if (unpack_nameX(e, AA_STRUCT, "xattrs")) {
> + int i, size;
> +
> + size = unpack_a
Make it possible to tie Apparmor profiles to the presence of one or more
extended attributes, and optionally their values. An example usecase for
this is to automatically transition to a more privileged Apparmor profile
if an executable has a valid IMA signature, which can then be appraised
by the