Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/af_unix.c | 14 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 5 |
2 files changed, 11 insertions, 8 deletions
diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c index 9129766d1e9c..ac0f4be791ec 100644 --- a/security/apparmor/af_unix.c +++ b/security/apparmor/af_unix.c @@ -31,7 +31,7 @@ static inline struct sock *aa_unix_sk(struct unix_sock *u) } static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred, - struct aa_label *label, struct path *path) + struct aa_label *label, const struct path *path) { AA_BUG(!label); AA_BUG(!path); @@ -224,7 +224,7 @@ static int profile_create_perm(struct aa_profile *profile, int family, static int profile_sk_perm(struct aa_profile *profile, struct apparmor_audit_data *ad, - u32 request, struct sock *sk, struct path *path) + u32 request, struct sock *sk, const struct path *path) { struct aa_ruleset *rules = profile->label.rules[0]; struct aa_perms *p = NULL; @@ -386,9 +386,9 @@ static int profile_opt_perm(struct aa_profile *profile, u32 request, /* null peer_label is allowed, in which case the peer_sk label is used */ static int profile_peer_perm(struct aa_profile *profile, u32 request, - struct sock *sk, struct path *path, + struct sock *sk, const struct path *path, struct sockaddr_un *peer_addr, - int peer_addrlen, struct path *peer_path, + int peer_addrlen, const struct path *peer_path, struct aa_label *peer_label, struct apparmor_audit_data *ad) { @@ -445,7 +445,7 @@ int aa_unix_create_perm(struct aa_label *label, int family, int type, static int aa_unix_label_sk_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, struct sock *sk, - struct path *path) + const struct path *path) { if (!unconfined(label)) { struct aa_profile *profile; 
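Review bot: In the `profile_peer_perm` hunk both path parameters become `const struct path *`, but `struct sockaddr_un *peer_addr`, declared between them, stays mutable; the same holds for `unix_peer_perm` in the later `@@ -599,9` hunk. If neither function writes through `peer_addr`, declaring it `const struct sockaddr_un *peer_addr` would make the read-only contract of these permission checks uniform. Their bodies lie outside these hunks, so this cannot be confirmed from here. It is also worth confirming that every helper receiving `path` or `peer_path` already takes a const pointer, so that no cast silently drops the new qualifier.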
@@ -599,9 +599,9 @@ int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, static int unix_peer_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, - struct sock *sk, struct path *path, + struct sock *sk, const struct path *path, struct sockaddr_un *peer_addr, int peer_addrlen, - struct path *peer_path, struct aa_label *peer_label) + const struct path *peer_path, struct aa_label *peer_label) { struct aa_profile *profile; DEFINE_AUDIT_SK(ad, op, subj_cred, sk); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8e1cc229b41b..b3f7a3258a2c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -112,7 +112,7 @@ static void apparmor_task_free(struct task_struct *task) } static int apparmor_task_alloc(struct task_struct *task, - unsigned long clone_flags) + u64 clone_flags) { struct aa_task_ctx *new = task_ctx(task); @@ -2530,6 +2530,9 @@ static int __init apparmor_init(void) security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), &apparmor_lsmid); + /* Inform the audit system that secctx is used */ + audit_cfg_lsm(&apparmor_lsmid, AUDIT_CFG_LSM_SECCTX_SUBJECT); + /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; if (aa_g_profile_mode == APPARMOR_COMPLAIN) |
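Review bot: The comment added in `apparmor_init` says only that secctx "is used", while the call passes `AUDIT_CFG_LSM_SECCTX_SUBJECT` alone, so a reader cannot tell whether leaving object contexts unregistered is deliberate. A comment such as `/* Tell audit that AppArmor supplies a subject secctx; object contexts are not registered */` would record that choice for anyone who later depends on these audit records for detection or forensics. The call sits between `security_add_hooks()` and `apparmor_initialized = 1`. The rest of the function is outside the hunk, so the hunk does not show whether the call returns a status that should be checked.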