linux/security/apparmor/include
John Johansen 0dda0b3fb2 apparmor: fix ptrace label match when matching stacked labels
Given a label with a profile stack of
  A//&B or A//&C ...

A ptrace rule should be able to specify a generic trace pattern with
a rule like

  ptrace trace A//&**,

however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.

To fix this, refactor the cross check to pass the full peer label into
the label_match.

Fixes: 290f458a4f ("apparmor: allow ptrace checks to be finer grained than just capability")
Cc: Stable <stable@vger.kernel.org>
Reported-by: Matthew Garrett <mjg59@google.com>
Tested-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2018-01-12 15:49:59 -08:00
apparmor.h
apparmorfs.h
audit.h apparmor: fix oops in audit_signal_cb hook 2017-11-27 14:38:15 -08:00
capability.h
context.h
crypto.h
domain.h + Features 2017-09-23 05:33:29 -10:00
file.h
ipc.h
label.h
lib.h Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
match.h
mount.h
path.h
perms.h apparmor: fix ptrace label match when matching stacked labels 2018-01-12 15:49:59 -08:00
policy.h Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
policy_ns.h
policy_unpack.h
procattr.h
resource.h
secid.h
sig_names.h