Re: [apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-29 Thread Christian Boltz
Hello, Am Donnerstag, 28. November 2013 schrieb John Johansen: > On 11/28/2013 10:32 AM, Christian Boltz wrote: > > Am Donnerstag, 28. November 2013 schrieb Seth Arnold: > >> On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: > > I reported some time ago that the audit.log contains st

Re: [apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-28 Thread John Johansen
On 11/28/2013 10:32 AM, Christian Boltz wrote: Hello, Am Donnerstag, 28. November 2013 schrieb Seth Arnold: On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: diff --git a/fs/open.c b/fs/open.c index d420331..9505fc5 100644 --- a/fs/open.c +++ b/fs/open.c @@ -387,6 +387,10 @@ ret

Re: [apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-28 Thread Christian Boltz
Hello, Am Donnerstag, 28. November 2013 schrieb Seth Arnold: > On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: > > diff --git a/fs/open.c b/fs/open.c > > index d420331..9505fc5 100644 > > --- a/fs/open.c > > +++ b/fs/open.c > > @@ -387,6 +387,10 @@ retry: > > if (error) > >

Re: [apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-28 Thread Seth Arnold
On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: > Signed-off-by: John Johansen Both nfs_permission() and fuse_permission() use MAY_CHDIR without an obvious security hook nearby. (The chroot() syscall does have a nearby security_path_chroot() call.) Should this patch add security_pa

[apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-05 Thread John Johansen
Signed-off-by: John Johansen --- fs/open.c| 8 include/linux/security.h | 11 +++ security/security.c | 7 +++ 3 files changed, 26 insertions(+) diff --git a/fs/open.c b/fs/open.c index d420331..9505fc5 100644 --- a/fs/open.c +++ b/fs/open.c @@ -387,6