git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Kees Cook <keescook@chromium.org>
	Tue, 18 Jul 2017 22:25:24 +0000 (15:25 -0700)
committer	Kees Cook <keescook@chromium.org>
	Tue, 1 Aug 2017 19:03:06 +0000 (12:03 -0700)
commit	993b3ab0642e57da5de6bef11dd50db7e2fc3b7e
tree	0406425b33f4d3c513d9cf773ddcfe25500a5d5e	tree
parent	c425e189ffd7720c881fe9ccd7143cea577f6d03	commit \| diff

apparmor: Refactor to remove bprm_secureexec hook

The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
hook since it's dealing with the same information, and all of the details
are finalized during the first call to the bprm_set_creds hook via
prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
via bprm->called_set_creds).

Here, all the comments describe how secureexec is actually calculated
during bprm_set_creds, so this actually does it, drops the bprm flag that
was being used internally by AppArmor, and drops the bprm_secureexec hook.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Serge Hallyn <serge@hallyn.com>

security/apparmor/domain.c		diff \| blob \| blame \| history
security/apparmor/include/domain.h		diff \| blob \| blame \| history
security/apparmor/include/file.h		diff \| blob \| blame \| history
security/apparmor/lsm.c		diff \| blob \| blame \| history