packages (LINUX_2_6_38): kernel/kernel-small_fixes.patch, kernel/kernel.spe...
arekm
arekm at pld-linux.org
Wed Jun 1 23:40:10 CEST 2011
Author: arekm Date: Wed Jun 1 21:40:10 2011 GMT
Module: packages Tag: LINUX_2_6_38
---- Log message:
- apparmor oops fix
---- Files affected:
packages/kernel:
kernel-small_fixes.patch (1.25 -> 1.25.2.1) , kernel.spec (1.924.2.1 -> 1.924.2.2)
---- Diffs:
================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.25 packages/kernel/kernel-small_fixes.patch:1.25.2.1
--- packages/kernel/kernel-small_fixes.patch:1.25 Thu May 19 10:24:00 2011
+++ packages/kernel/kernel-small_fixes.patch Wed Jun 1 23:40:04 2011
@@ -153,4 +153,36 @@
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo at vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
+More majordomo info at http://vger.kernel.org/majordomo-info.htmlcommit a5b2c5b2ad5853591a6cac6134cd0f599a720865
+Author: Kees Cook <kees.cook at canonical.com>
+Date: Tue May 31 11:31:41 2011 -0700
+
+ AppArmor: fix oops in apparmor_setprocattr
+
+ When invalid parameters are passed to apparmor_setprocattr a NULL deref
+ oops occurs when it tries to record an audit message. This is because
+ it is passing NULL for the profile parameter for aa_audit. But aa_audit
+ now requires that the profile passed is not NULL.
+
+ Fix this by passing the current profile on the task that is trying to
+ setprocattr.
+
+ Signed-off-by: Kees Cook <kees at ubuntu.com>
+ Signed-off-by: John Johansen <john.johansen at canonical.com>
+ Cc: stable at kernel.org
+ Signed-off-by: James Morris <jmorris at namei.org>
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ae3a698..ec1bcec 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
+ sa.aad.op = OP_SETPROCATTR;
+ sa.aad.info = name;
+ sa.aad.error = -EINVAL;
+- return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++ return aa_audit(AUDIT_APPARMOR_DENIED,
++ __aa_current_profile(), GFP_KERNEL,
+ &sa, NULL);
+ }
+ } else if (strcmp(name, "exec") == 0) {
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.924.2.1 packages/kernel/kernel.spec:1.924.2.2
--- packages/kernel/kernel.spec:1.924.2.1 Sun May 22 08:18:41 2011
+++ packages/kernel/kernel.spec Wed Jun 1 23:40:04 2011
@@ -329,7 +329,7 @@
AutoReqProv: no
# for hostname command
BuildRequires: module-init-tools >= 3.5
-BuildRequires: net-tools
+BuildRequires: hostname
BuildRequires: perl-base
BuildRequires: rpm-build >= 4.5-24
BuildRequires: rpmbuild(macros) >= 1.217
@@ -1552,6 +1552,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.924.2.2 2011/06/01 21:40:04 arekm
+- apparmor oops fix
+
Revision 1.924.2.1 2011/05/22 06:18:41 arekm
- partial 2.6.38.7 update (tuxonice updated to 3.2 final; vserver patch fixed; no new grsec)
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.25&r2=1.25.2.1&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.924.2.1&r2=1.924.2.2&f=u
More information about the pld-cvs-commit
mailing list