projects / pve-kernel-3.10.0.git / blame
| Commit | Line | Data |
|---|---|---|
| 37e96ed9 DM |
1 | From 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c Mon Sep 17 00:00:00 2001 |
| 2 | From: John Johansen <john.johansen@canonical.com> | |
| 3 | Date: Wed, 27 Feb 2013 03:45:05 -0800 | |
| 4 | Subject: apparmor: fix fully qualified name parsing | |
| 5 | ||
| 6 | currently apparmor name parsing is only correctly handling | |
| 7 | :<NS>:<profile> | |
| 8 | ||
| 9 | but | |
| 10 | :<NS>://<profile> | |
| 11 | ||
| 12 | is also a valid form and what is exported to userspace. | |
| 13 | ||
| 14 | Signed-off-by: John Johansen <john.johansen@canonical.com> | |
| 15 | ||
| 16 | diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c | |
| 17 | index d6e1f21..d40bc59 100644 | |
| 18 | --- a/security/apparmor/lib.c | |
| 19 | +++ b/security/apparmor/lib.c | |
| 20 | @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name) | |
| 21 | *ns_name = skip_spaces(&name[1]); | |
| 22 | if (split) { | |
| 23 | /* overwrite ':' with \0 */ | |
| 24 | - *split = 0; | |
| 25 | - name = skip_spaces(split + 1); | |
| 26 | + *split++ = 0; | |
| 27 | + if (strncmp(split, "//", 2) == 0) | |
| 28 | + split += 2; | |
| 29 | + name = skip_spaces(split); | |
| 30 | } else | |
| 31 | /* a ns name without a following profile is allowed */ | |
| 32 | name = NULL; | |
| 33 | -- | |
| 34 | cgit v0.10.2 | |
| 35 |