3549b27...
by
Andrea Righi
on 2024-03-06
UBUNTU: SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n
When CONFIG_SECURITY=n we are not initializing lsmblob correctly in
security_cred_getlsmblob().
Fix by calling lsmblob_init() properly.
Fixes: 4d652c1a90a7 ("UBUNTU: SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook")
Reported-by: Emil Renner Berthing <email address hidden>
Signed-off-by: Andrea Righi <email address hidden>
361cb3b...
by
Andrea Righi
on 2024-01-02
UBUNTU: [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
BugLink: https://bugs.launchpad.net/bugs/2028253
Signed-off-by: Andrea Righi <email address hidden>
bb98af4...
by
Paolo Pisati
on 2024-03-21
UBUNTU: SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
BugLink: http://bugs.launchpad.net/bugs/2028253
Signed-off-by: Paolo Pisati <email address hidden>
eff9f27...
by
John Johansen
on 2024-03-19
UBUNTU: SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
BugLink: http://bugs.launchpad.net/bugs/2028253
Remove the static and unused build warnings from notify.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit a22e22ecf2fd281c16b1c62976489944088bc689
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
b941cea...
by
John Johansen
on 2024-03-19
UBUNTU: SAUCE: apparmor4.0.0 [89/90]: apparmor: disable tailglob responses for now
BugLink: http://bugs.launchpad.net/bugs/2028253
Tailglob responses are currently unused, and there are a few bugs
that need to be fixed. So just disable access.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 7cdddcf0388b3d215dd0a87ca6a9c8b24ce1e780
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
a4ed4f5...
by
John Johansen
on 2021-10-09
UBUNTU: SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
BugLink: http://bugs.launchpad.net/bugs/2028253
Buglink: https://bugs.launchpad.net/bugs/2056496
Add the ability to mediate inet access at a port and address level.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit fefa3cec7db83b9a0dd1a339f7c8d76c0b820ad8
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
3ae7a3f...
by
John Johansen
on 2024-01-22
UBUNTU: SAUCE: apparmor4.0.0 [87/90]: fixup notify
BugLink: http://bugs.launchpad.net/bugs/2028253
(cherry picked from commit fb00e41adbe0c5c0e0f2bcaaf2949fec00b2a941
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
92b128d...
by
John Johansen
on 2024-01-04
UBUNTU: SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine
BugLink: http://bugs.launchpad.net/bugs/2028253
Currently the caps encoding is very limited. Allow capabilities to
be mediated by the state machine. This will allow us to add
conditionals to capabilities that aren't possible with the current
encoding.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit bb78e87633afdf5e4b7dc0b2c857f61e97369068
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
fb65ffc...
by
John Johansen
on 2024-01-04
UBUNTU: SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created
BugLink: http://bugs.launchpad.net/bugs/2028253
User namespaces are used to create sandboxes and often need a different
set of permissions than during setup. Allow for a profile state change
on the task creating the namespace.
The transition is encoded the same as exec domain transitions and
only uses a subset of the transitions available at exec. Environment
scrubbing etc are not available.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 90f73560fd8dfec350c62a630a9f5719e1da2f23
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>
d644202...
by
John Johansen
on 2024-01-03
UBUNTU: SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry
BugLink: http://bugs.launchpad.net/bugs/2028253
x_table_lookup currently does stacking during label_parse() if the
target specifies a stack but its only caller ensures that it will
never be used with stacking.
Refactor to slightly simplify the code between in x_to_label(), this
also fixes a long standing problem where x_to_labels check on stacking
is only on the first element to the table option list, instead of
the element that is found and used.
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 4faf1d74aba271957f81e00109223a771b5f96a4
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <email address hidden>