1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: John Johansen <john.johansen@canonical.com>
3 Date: Fri, 27 Jul 2018 14:27:05 -0700
4 Subject: [PATCH] UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs
7 the apparmor policy language currently does not allow expressing the
8 locking permission for non-fs unix sockets. However the kernel is
11 Add the AA_MAY_LOCK perm to the computed perm mask which will grant
12 permission for all current abi profiles, but still allow specifying
13 auditing of the operation if needed.
15 http://bugs.launchpad.net/bugs/1780227
16 Signed-off-by: John Johansen <john.johansen@canonical.com>
18 security/apparmor/lib.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
21 diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
22 index a7b3f681b80e..eafad30a78d7 100644
23 --- a/security/apparmor/lib.c
24 +++ b/security/apparmor/lib.c
25 @@ -327,7 +327,7 @@ void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
26 /* for v5 perm mapping in the policydb, the other set is used
27 * to extend the general perm set
29 - perms->allow |= map_other(dfa_other_allow(dfa, state));
30 + perms->allow |= map_other(dfa_other_allow(dfa, state)) | AA_MAY_LOCK;
31 perms->audit |= map_other(dfa_other_audit(dfa, state));
32 perms->quiet |= map_other(dfa_other_quiet(dfa, state));
33 // perms->xindex = dfa_user_xindex(dfa, state);
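Review bot: The `| AA_MAY_LOCK` added to the `perms->allow` line is unconditional, so every state computed by aa_compute_perms() is granted lock permission, not only the non-fs unix socket case the description names. Whether other policydb classes reach this path is not visible in the hunk and should be confirmed. The comment above still says only that the other set extends the general perm set, so the constant reads as if it came from loaded policy. I would put it in its own statement with a why-comment, e.g. `/* policy cannot express lock for non-fs unix sockets yet: always allow it, auditing still follows the audit mask */` followed by `perms->allow |= AA_MAY_LOCK;`, and record that the grant should be gated on the policy ABI once an ABI can express the permission. aa_compute_perms() begins and ends outside the hunk.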