Re: [AppArmor 38/41] AppArmor: Module and LSM hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> +
> +	/**
> +	 * parent can ptrace child when
> +	 * - parent is unconfined
> +	 * - parent is in complain mode
> +	 * - parent and child are confined by the same profile
> +	 */

Your profiles are name based. That means the same profile in a different
namespace does different things. It would be a very odd case where it
mattered but surely the parent ptrace child rule should also require that
the parent and child are in the same namespace when using apparmor name
based security.

> +static int apparmor_capget(struct task_struct *task,
> +			    kernel_cap_t *effective,
> +			    kernel_cap_t *inheritable,
> +			    kernel_cap_t *permitted)
> +{
> +	return cap_capget(task, effective, inheritable, permitted);
> +}

Pointless function should go away.

> +static int apparmor_sysctl(struct ctl_table *table, int op)
> +{
> +	int error = 0;
> +
> +	if ((op & 002) && !capable(CAP_SYS_ADMIN))
> +		error = aa_reject_syscall(current, GFP_KERNEL,
> +					  "sysctl (write)");
> +
> +	return error;

The usual file permission security override is DAC not ADMIN. What is the
logic of this choice.

> +}
> +
> +static int apparmor_syslog(int type)
> +{
> +	return cap_syslog(type);
> +}

More pointless functions to delete.


-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux