Re: linux-next: manual merge of the apparmor tree with the security tree

[John Johansen <john.johansen@xxxxxxxxxxxxx>]

On 10/28/23 08:32, Paul Moore wrote:
> On Thu, Oct 26, 2023 at 10:03 PM Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
> > Hi all,
> >
> > Today's linux-next merge of the apparmor tree got a conflict in:
> >
> >    security/apparmor/lsm.c
> >
> > between commit:
> >
> >    3c3bda37ca1d ("AppArmor: Add selfattr hooks")
> >
> > from the security tree and commits:
> >
> >    bd7bd201ca46 ("apparmor: combine common_audit_data and apparmor_audit_data")
> >    d20f5a1a6e79 ("apparmor: rename audit_data->label to audit_data->subj_label")
> >
> > from the apparmor tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary. This
> > is now fixed as far as linux-next is concerned, but any non trivial
> > conflicts should be mentioned to your upstream maintainer when your tree
> > is submitted for merging.  You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any particularly
> > complex conflicts.
>
> Thanks Stephen.
>
> John, can you take a look and make sure this is correct (it looks okay to me)?
yes its good, thanks Stephan.

Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>

Paul just to double check, to make sure we get ordering on this right
   3c3bda37ca1d ("AppArmor: Add selfattr hooks")

is part of the Three basic syscalls series, the plan is still to have that
series bake in next for a full cycle?

Regardless, I will wait until security-ext gets merged to send my pull
request, and handle the conflict if its present.

> > diff --cc security/apparmor/lsm.c
> > index 5e16c03936b9,4d34180e9799..000000000000
> > --- a/security/apparmor/lsm.c
> > +++ b/security/apparmor/lsm.c
> > @@@ -771,16 -868,11 +917,16 @@@ out
> >          return error;
> >
> >    fail:
> > -       aad(&sa)->label = begin_current_label_crit_section();
> > +       ad.subj_label = begin_current_label_crit_section();
> >   -      ad.info = name;
> >   +      if (attr == LSM_ATTR_CURRENT)
> > -               aad(&sa)->info = "current";
> > ++              ad.info = "current";
> >   +      else if (attr == LSM_ATTR_EXEC)
> > -               aad(&sa)->info = "exec";
> > ++              ad.info = "exec";
> >   +      else
> > -               aad(&sa)->info = "invalid";
> > -       aad(&sa)->error = error = -EINVAL;
> > -       aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
> > -       end_current_label_crit_section(aad(&sa)->label);
> > ++              ad.info = "invalid";
> > +       ad.error = error = -EINVAL;
> > +       aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
> > +       end_current_label_crit_section(ad.subj_label);
> >          goto out;
> >    }