git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked...
author John Johansen <john.johansen@canonical.com>
Wed, 1 Feb 2017 09:06:03 +0000 (01:06 -0800)
committer Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Wed, 8 Mar 2017 13:35:45 +0000 (10:35 -0300)
commit 740ab2dca0e12912044211f3e8dd8c573f2bdfd0
tree c70310f24ebe7a1fb198d8a0e64606823253d2aa
parent f2f5c290f2ca0e2b6e834c711c56d37dd4eb0d26
UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces

Push the no_new_privs logic into the per profile transition fns, so
that the no_new_privs check can be done at the ns level instead of the
aggregate stack level.

BugLink: http://bugs.launchpad.net/bugs/1648143
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
security/apparmor/domain.c