On 10/28/23 08:32, Paul Moore wrote:
On Thu, Oct 26, 2023 at 10:03 PM Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
Hi all,
Today's linux-next merge of the apparmor tree got a conflict in:
security/apparmor/lsm.c
between commit:
3c3bda37ca1d ("AppArmor: Add selfattr hooks")
from the security tree and commits:
bd7bd201ca46 ("apparmor: combine common_audit_data and apparmor_audit_data")
d20f5a1a6e79 ("apparmor: rename audit_data->label to audit_data->subj_label")
from the apparmor tree.
I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
Thanks Stephen.
John, can you take a look and make sure this is correct (it looks okay to me)?
yes its good, thanks Stephan.
Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
Paul just to double check, to make sure we get ordering on this right
3c3bda37ca1d ("AppArmor: Add selfattr hooks")
is part of the Three basic syscalls series, the plan is still to have that
series bake in next for a full cycle?
Regardless, I will wait until security-ext gets merged to send my pull
request, and handle the conflict if its present.
diff --cc security/apparmor/lsm.c
index 5e16c03936b9,4d34180e9799..000000000000
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@@ -771,16 -868,11 +917,16 @@@ out
return error;
fail:
- aad(&sa)->label = begin_current_label_crit_section();
+ ad.subj_label = begin_current_label_crit_section();
- ad.info = name;
+ if (attr == LSM_ATTR_CURRENT)
- aad(&sa)->info = "current";
++ ad.info = "current";
+ else if (attr == LSM_ATTR_EXEC)
- aad(&sa)->info = "exec";
++ ad.info = "exec";
+ else
- aad(&sa)->info = "invalid";
- aad(&sa)->error = error = -EINVAL;
- aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
- end_current_label_crit_section(aad(&sa)->label);
++ ad.info = "invalid";
+ ad.error = error = -EINVAL;
+ aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
+ end_current_label_crit_section(ad.subj_label);
goto out;
}