git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
UBUNTU: SAUCE: apparmor: fix: parameters can be changed after policy is locked
author John Johansen <john.johansen@canonical.com>
Thu, 23 Jun 2016 01:01:08 +0000 (18:01 -0700)
committer Tim Gardner <tim.gardner@canonical.com>
Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
commit 94a9bc9516ad9dd0cb8b0d3c6445555c56b3e8df
tree 3e3cfa19ad530376c943fa1855aedf554d62c15a
parent c7b3b1959e07cda62ab02aebd218217ebe607b4f

The policy_lock parameter is a one-way switch that prevents policy
from being further modified. Unfortunately, some of the module parameters
can effectively modify policy by turning off enforcement.

Split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

BugLink: http://bugs.launchpad.net/bugs/1615895
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
security/apparmor/include/policy.h
security/apparmor/lsm.c
security/apparmor/policy.c
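
The split described in the commit message, as an added userspace C model (not code from this commit or from the AppArmor source). The struct, its fields and all function names are hypothetical stand-ins, and `is_privileged` replaces the kernel's real capability check.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name below is hypothetical. */
struct lsm_state {
    bool is_privileged; /* stand-in for the caller's capability check */
    bool lock_policy;   /* one-way switch: false -> true only */
    bool enforce;       /* a parameter that can turn enforcement off */
};

/* View check: may the caller read policy state and parameters? */
static bool view_capable(const struct lsm_state *s)
{
    return s->is_privileged;
}

/* Full admin check: view rights AND policy not yet locked. */
static bool admin_capable(const struct lsm_state *s)
{
    return view_capable(s) && !s->lock_policy;
}

/* Reads use the view check, so they keep working after the lock is set. */
static int param_get_enforce(const struct lsm_state *s, bool *out)
{
    if (!view_capable(s))
        return -EPERM;
    *out = s->enforce;
    return 0;
}

/* Writes use the admin check, so the lock freezes the parameter. */
static int param_set_enforce(struct lsm_state *s, bool val)
{
    if (!admin_capable(s))
        return -EPERM;
    s->enforce = val;
    return 0;
}

/* In this model the lock setter uses the same admin check, which makes it one-way. */
static int param_set_lock(struct lsm_state *s, bool val)
{
    if (!admin_capable(s))
        return -EPERM;
    s->lock_policy = val;
    return 0;
}

int main(void)
{
    struct lsm_state s = { true, false, true };
    param_set_lock(&s, true);
    printf("set enforce=0 after lock: %d\n", param_set_enforce(&s, false));
    return 0;
}
```

If the setter tested only the view check, the final call would succeed and enforcement could be switched off on a locked system, which is the behaviour the commit message describes fixing.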