From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: John Johansen <john.johansen@canonical.com>,
	James Morris <james.l.morris@oracle.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-security-module@vger.kernel.org
Subject: [PATCH] apparmor: use designated initializers
Date: Fri, 16 Dec 2016 17:04:13 -0800
Message-ID: <20161217010413.GA140564@beast>

Prepare to mark sensitive kernel structures for randomization by making
sure they're using designated initializers. These were identified during
allyesconfig builds of x86, arm, and arm64, with most initializer fixes
extracted from grsecurity.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 security/apparmor/file.c | 4 ++--
 security/apparmor/lsm.c  | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 4d2af4b01033..608971ac6781 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
 int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
 		 const struct path *new_dir, struct dentry *new_dentry)
 {
-	struct path link = { new_dir->mnt, new_dentry };
-	struct path target = { new_dir->mnt, old_dentry };
+	struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
+	struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
 	struct path_cond cond = {
 		d_backing_inode(old_dentry)->i_uid,
 		d_backing_inode(old_dentry)->i_mode
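
Review bot: the struct path_cond cond initializer directly below the two converted declarations in aa_path_link() is still positional (i_uid, then i_mode), so this function now mixes both styles. If struct path_cond is also a candidate for randomization it needs the same conversion to named members here; if it is not, a sentence in the commit message saying that only struct path is targeted would tell the next reader the omission is deliberate.
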
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 41b8cb115801..83b2ab5c9d08 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, const struct path *dir,
 				  struct dentry *dentry, u32 mask,
 				  struct path_cond *cond)
 {
-	struct path path = { dir->mnt, dentry };
+	struct path path = { .mnt = dir->mnt, .dentry = dentry };
 
 	return common_perm(op, &path, mask, cond);
 }
@@ -306,8 +306,8 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
 
 	profile = aa_current_profile();
 	if (!unconfined(profile)) {
-		struct path old_path = { old_dir->mnt, old_dentry };
-		struct path new_path = { new_dir->mnt, new_dentry };
+		struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
+		struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
 		struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
 					  d_backing_inode(old_dentry)->i_mode
 		};
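
Review bot: the two added declarations of old_path and new_path in apparmor_path_rename() come to 85 columns at two tabs of indentation, past the 80-column limit, so checkpatch will warn on both. Breaking each initializer after the .mnt member, with .dentry on a continuation line, keeps them within the limit. The positional struct path_cond cond initializer that follows is also left unconverted, as in aa_path_link().
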
-- 
2.7.4


-- 
Kees Cook
Nexus Security
