0421ea91dd
Fix failure in aa_change_onexec api when the request is made from a confined task. This failure was caused by two problems The AA_MAY_ONEXEC perm was not being mapped correctly for this case. The executable name was being checked as second time instead of using the requested onexec profile name, which may not be the same as the exec profile name. This mistake can not be exploited to grant extra permission because of the above flaw where the ONEXEC permission was not being mapped so it will not be granted. BugLink: http://bugs.launchpad.net/bugs/963756 Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
---|---|---|
.. | ||
apparmor | ||
integrity | ||
keys | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
capability.c | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
Kconfig | ||
lsm_audit.c | ||
Makefile | ||
min_addr.c | ||
security.c |