From: John Johansen <john.johansen@canonical.com>
To: Kees Cook <kees@ubuntu.com>
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/4] AppArmor: add "file" details to securityfs
Date: Fri, 27 Jan 2012 11:34:47 -0800
Message-ID: <4F22FC57.4090008@canonical.com>
In-Reply-To: <1327624163-21576-4-git-send-email-kees@ubuntu.com>
On 01/26/2012 04:29 PM, Kees Cook wrote:
> Create the "file" directory in the securityfs for tracking features
> related to files.
>
> Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
> ---
> security/apparmor/apparmorfs.c | 10 ++++++++++
> security/apparmor/include/apparmorfs.h | 6 ++++++
> 2 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 36efe64..68ce771 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -154,6 +154,9 @@ static int aa_fs_seq_show(struct seq_file *seq, void *v)
> case AA_FS_TYPE_BOOLEAN:
> seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
> break;
> + case AA_FS_TYPE_STRING:
> + seq_printf(seq, "%s\n", fs_file->v.string);
> + break;
> case AA_FS_TYPE_U64:
> seq_printf(seq, "%#08lx\n", fs_file->v.u64);
> break;
> @@ -180,6 +183,12 @@ const struct file_operations aa_fs_seq_file_ops = {
>
> /** Base file system setup **/
>
> +static struct aa_fs_entry aa_fs_entry_file[] = {
> + AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
> + "link lock"),
> + { }
> +};
> +
> static struct aa_fs_entry aa_fs_entry_domain[] = {
> AA_FS_FILE_BOOLEAN("change_hat", 1),
> AA_FS_FILE_BOOLEAN("change_hatv", 1),
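Review bot: the "mask" value in aa_fs_entry_file[] is a hand-written list of permission names with nothing tying it to the permission definitions it advertises, so the two can drift apart without anyone noticing; a comment naming the source of truth, or building the string next to those definitions, would help. The commit message also does not say that the file holds space-separated names or who is expected to read it, which is worth recording because userspace will end up parsing this format. Minor style point: the trailing `\` after "mmap_exec " is unnecessary, since adjacent string literals concatenate inside a macro argument without a line continuation.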
> @@ -190,6 +199,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
>
> static struct aa_fs_entry aa_fs_entry_features[] = {
> AA_FS_DIR("domain", aa_fs_entry_domain),
> + AA_FS_DIR("file", aa_fs_entry_file),
> AA_FS_FILE_BOOLEAN("namespaces", 1),
> AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
> { }
> diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
> index 16e6545..7ea4769 100644
> --- a/security/apparmor/include/apparmorfs.h
> +++ b/security/apparmor/include/apparmorfs.h
> @@ -17,6 +17,7 @@
>
> enum aa_fs_type {
> AA_FS_TYPE_BOOLEAN,
> + AA_FS_TYPE_STRING,
> AA_FS_TYPE_U64,
> AA_FS_TYPE_FOPS,
> AA_FS_TYPE_DIR,
> @@ -31,6 +32,7 @@ struct aa_fs_entry {
> enum aa_fs_type v_type;
> union {
> bool boolean;
> + char *string;
> unsigned long u64;
> struct aa_fs_entry *files;
> } v;
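Review bot: `char *string` in the union should be `const char *string`. AA_FS_FILE_STRING stores a string literal in it, and the only reader shown, the AA_FS_TYPE_STRING case in aa_fs_seq_show(), just passes it to seq_printf, so nothing needs write access and the const keeps a later caller from writing into literal storage.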
> @@ -43,6 +45,10 @@ extern const struct file_operations aa_fs_seq_file_ops;
> { .name = (_name), .mode = 0444, \
> .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
> .file_ops = &aa_fs_seq_file_ops }
> +#define AA_FS_FILE_STRING(_name, _value) \
> + { .name = (_name), .mode = 0444, \
> + .v_type = AA_FS_TYPE_STRING, .v.string = (_value), \
> + .file_ops = &aa_fs_seq_file_ops }
> #define AA_FS_FILE_U64(_name, _value) \
> { .name = (_name), .mode = 0444, \
> .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \