packages (LINUX_2_6_34): kernel/kernel-apparmor.patch, kernel/kernel.spec -...

arekm arekm at pld-linux.org
Wed Aug 4 15:00:07 CEST 2010


Author: arekm                        Date: Wed Aug  4 13:00:07 2010 GMT
Module: packages                      Tag: LINUX_2_6_34
---- Log message:
- updated apparmor to v2.6

---- Files affected:
packages/kernel:
   kernel-apparmor.patch (1.7 -> 1.7.2.1) , kernel.spec (1.798.2.1 -> 1.798.2.2) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.7 packages/kernel/kernel-apparmor.patch:1.7.2.1
--- packages/kernel/kernel-apparmor.patch:1.7	Tue Mar 16 22:15:38 2010
+++ packages/kernel/kernel-apparmor.patch	Wed Aug  4 15:00:02 2010
@@ -1,31 +1,229 @@
-diff --git a/include/linux/audit.h b/include/linux/audit.h
-index 3c7a358..a1db25b 100644
---- a/include/linux/audit.h
-+++ b/include/linux/audit.h
-@@ -33,7 +33,7 @@
-  * 1200 - 1299 messages internal to the audit daemon
-  * 1300 - 1399 audit event messages
-  * 1400 - 1499 SE Linux use
-- * 1500 - 1599 kernel LSPP events
-+ * 1500 - 1599 AppArmor use
-  * 1600 - 1699 kernel crypto events
-  * 1700 - 1799 kernel anomaly records
-  * 1800 - 1899 kernel integrity events
-@@ -122,6 +122,14 @@
- #define AUDIT_MAC_UNLBL_STCADD	1416	/* NetLabel: add a static label */
- #define AUDIT_MAC_UNLBL_STCDEL	1417	/* NetLabel: del a static label */
+From 98dccdc158c804029036d76aef8352c7e00d00f4 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen at canonical.com>
+Date: Tue, 3 Aug 2010 10:57:00 -0700
+Subject: [PATCH] AppArmor: security module v2.6 + compat patches as of 29-07-2010 (security-next)
+
+AppArmor v2.6 module as synced to security-next 29-07-2010 backported to
+2.6.34 + AppArmor 2.4 compatibility patches.
+
+Signed-off-by: John Johansen <john.johansen at canonical.com>
+---
+ Documentation/apparmor.txt                |   40 +
+ Documentation/kernel-parameters.txt       |    8 +
+ MAINTAINERS                               |    8 +
+ include/linux/lsm_audit.h                 |   31 +
+ security/Kconfig                          |    6 +
+ security/Makefile                         |    2 +
+ security/apparmor/.gitignore              |    5 +
+ security/apparmor/Kconfig                 |   40 +
+ security/apparmor/Makefile                |   30 +
+ security/apparmor/apparmorfs-24.c         |  287 +++++++
+ security/apparmor/apparmorfs.c            |  253 ++++++
+ security/apparmor/audit.c                 |  215 ++++++
+ security/apparmor/capability.c            |  141 ++++
+ security/apparmor/context.c               |  216 ++++++
+ security/apparmor/domain.c                |  823 ++++++++++++++++++++
+ security/apparmor/file.c                  |  457 +++++++++++
+ security/apparmor/include/apparmor.h      |   92 +++
+ security/apparmor/include/apparmorfs.h    |   26 +
+ security/apparmor/include/audit.h         |  129 ++++
+ security/apparmor/include/capability.h    |   45 ++
+ security/apparmor/include/context.h       |  154 ++++
+ security/apparmor/include/domain.h        |   36 +
+ security/apparmor/include/file.h          |  217 ++++++
+ security/apparmor/include/ipc.h           |   28 +
+ security/apparmor/include/match.h         |  132 ++++
+ security/apparmor/include/net.h           |   40 +
+ security/apparmor/include/path.h          |   31 +
+ security/apparmor/include/policy.h        |  308 ++++++++
+ security/apparmor/include/policy_unpack.h |   20 +
+ security/apparmor/include/procattr.h      |   26 +
+ security/apparmor/include/resource.h      |   46 ++
+ security/apparmor/include/sid.h           |   24 +
+ security/apparmor/ipc.c                   |  114 +++
+ security/apparmor/lib.c                   |  133 ++++
+ security/apparmor/lsm.c                   | 1051 +++++++++++++++++++++++++
+ security/apparmor/match.c                 |  370 +++++++++
+ security/apparmor/net.c                   |  169 ++++
+ security/apparmor/path.c                  |  235 ++++++
+ security/apparmor/policy.c                | 1185 +++++++++++++++++++++++++++++
+ security/apparmor/policy_unpack.c         |  740 ++++++++++++++++++
+ security/apparmor/procattr.c              |  170 ++++
+ security/apparmor/resource.c              |  134 ++++
+ security/apparmor/sid.c                   |   55 ++
+ 43 files changed, 8272 insertions(+), 0 deletions(-)
+ create mode 100644 Documentation/apparmor.txt
+ create mode 100644 security/apparmor/.gitignore
+ create mode 100644 security/apparmor/Kconfig
+ create mode 100644 security/apparmor/Makefile
+ create mode 100644 security/apparmor/apparmorfs-24.c
+ create mode 100644 security/apparmor/apparmorfs.c
+ create mode 100644 security/apparmor/audit.c
+ create mode 100644 security/apparmor/capability.c
+ create mode 100644 security/apparmor/context.c
+ create mode 100644 security/apparmor/domain.c
+ create mode 100644 security/apparmor/file.c
+ create mode 100644 security/apparmor/include/apparmor.h
+ create mode 100644 security/apparmor/include/apparmorfs.h
+ create mode 100644 security/apparmor/include/audit.h
+ create mode 100644 security/apparmor/include/capability.h
+ create mode 100644 security/apparmor/include/context.h
+ create mode 100644 security/apparmor/include/domain.h
+ create mode 100644 security/apparmor/include/file.h
+ create mode 100644 security/apparmor/include/ipc.h
+ create mode 100644 security/apparmor/include/match.h
+ create mode 100644 security/apparmor/include/net.h
+ create mode 100644 security/apparmor/include/path.h
+ create mode 100644 security/apparmor/include/policy.h
+ create mode 100644 security/apparmor/include/policy_unpack.h
+ create mode 100644 security/apparmor/include/procattr.h
+ create mode 100644 security/apparmor/include/resource.h
+ create mode 100644 security/apparmor/include/sid.h
+ create mode 100644 security/apparmor/ipc.c
+ create mode 100644 security/apparmor/lib.c
+ create mode 100644 security/apparmor/lsm.c
+ create mode 100644 security/apparmor/match.c
+ create mode 100644 security/apparmor/net.c
+ create mode 100644 security/apparmor/path.c
+ create mode 100644 security/apparmor/policy.c
+ create mode 100644 security/apparmor/policy_unpack.c
+ create mode 100644 security/apparmor/procattr.c
+ create mode 100644 security/apparmor/resource.c
+ create mode 100644 security/apparmor/sid.c
+
+diff --git a/Documentation/apparmor.txt b/Documentation/apparmor.txt
+new file mode 100644
+index 0000000..6240438
+--- /dev/null
++++ b/Documentation/apparmor.txt
+@@ -0,0 +1,40 @@
++--- What is AppArmor? ---
++
++AppArmor is MAC style security extension for the Linux kernel.  It implements
++a task centered policy, with task "profiles" being created and loaded
++from user space.  Tasks on the system that do not have a profile defined for
++them run in an unconfined state which is equivalent to standard Linux DAC
++permissions.
++
++--- How to enable/disable ---
++
++set CONFIG_SECURITY_APPARMOR=y
++
++If AppArmor should be selected as the default security module then
++   set CONFIG_DEFAULT_SECURITY="apparmor"
++   and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
++
++Build the kernel
++
++If AppArmor is not the default security module it can be enabled by passing
++security=apparmor on the kernel's command line.
++
++If AppArmor is the default security module it can be disabled by passing
++apparmor=0, security=XXXX (where XXX is valid security module), on the
++kernel's command line
++
++For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
++policy must be loaded into the kernel from user space (see the Documentation
++and tools links).
++
++--- Documentation ---
++
++Documentation can be found on the wiki.
++
++--- Links ---
++
++Mailing List - apparmor at lists.ubuntu.com
++Wiki - http://apparmor.wiki.kernel.org/
++User space tools - https://launchpad.net/apparmor
++Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
++
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index 839b21b..66c729e 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -92,6 +92,7 @@ parameter is applicable:
+ 			Documentation/scsi/.
+ 	SECURITY Different security models are enabled.
+ 	SELINUX SELinux support is enabled.
++	APPARMOR AppArmor support is enabled.
+ 	SERIAL	Serial support is enabled.
+ 	SH	SuperH architecture is enabled.
+ 	SMP	The kernel is an SMP kernel.
+@@ -2278,6 +2279,13 @@ and is between 256 and 4096 characters. It is defined in the file
+ 			If enabled at boot time, /selinux/disable can be used
+ 			later to disable prior to initial policy load.
  
-+#define AUDIT_APPARMOR_AUDIT	1501	/* AppArmor audited grants */
-+#define AUDIT_APPARMOR_ALLOWED	1502	/* Allowed Access for learning */
-+#define AUDIT_APPARMOR_DENIED	1503
-+#define AUDIT_APPARMOR_HINT	1504	/* Process Tracking information */
-+#define AUDIT_APPARMOR_STATUS	1505	/* Changes in config */
-+#define AUDIT_APPARMOR_ERROR	1506	/* Internal AppArmor Errors */
-+#define AUDIT_APPARMOR_KILL	1507	/* AppArmor killing processes */
-+
- #define AUDIT_FIRST_KERN_ANOM_MSG   1700
- #define AUDIT_LAST_KERN_ANOM_MSG    1799
- #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
++	apparmor=	[APPARMOR] Disable or enable AppArmor at boot time
++			Format: { "0" | "1" }
++			See security/apparmor/Kconfig help text
++			0 -- disable.
++			1 -- enable.
++			Default value is set via kernel config option.
++
+ 	serialnumber	[BUGS=X86-32]
+ 
+ 	shapers=	[NET]
+diff --git a/MAINTAINERS b/MAINTAINERS
+index d329b05..5ce2926 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -4961,6 +4961,14 @@ S:	Supported
+ F:	include/linux/selinux*
+ F:	security/selinux/
+ 
++APPARMOR SECURITY MODULE
++M:	John Johansen <john.johansen at canonical.com>
++L:	apparmor at lists.ubuntu.com (subscribers-only, general discussion)
++W:	apparmor.wiki.kernel.org
++T:	git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
++S:	Supported
++F:	security/apparmor/
++
+ SENSABLE PHANTOM
+ M:	Jiri Slaby <jirislaby at gmail.com>
+ S:	Maintained
+diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
+index f78f83d..183ae04 100644
+--- a/include/linux/lsm_audit.h
++++ b/include/linux/lsm_audit.h
+@@ -94,6 +94,37 @@ struct common_audit_data {
+ 			int result;
+ 		} selinux_audit_data;
+ #endif
++#ifdef CONFIG_SECURITY_APPARMOR
++		struct {
++			int error;
++			int op;
++			int type;
++			void *profile;
++			const char *name;
++			const char *info;
++			union {
++				void *target;
++				struct {
++					long pos;
++					void *target;
++				} iface;
++				struct {
++					int rlim;
++					unsigned long max;
++				} rlim;
++				struct {
++					const char *target;
++					u32 request;
++					u32 denied;
++					uid_t ouid;
++				} fs;
++				struct {
++					int type, protocol;
++					struct sock *sk;
++				} net;
++			};
++		} apparmor_audit_data;
++#endif
+ 	};
+ 	/* these callback will be implemented by a specific LSM */
+ 	void (*lsm_pre_audit)(struct audit_buffer *, void *);
 diff --git a/security/Kconfig b/security/Kconfig
 index 226b955..bd72ae6 100644
 --- a/security/Kconfig
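Review bot: The anonymous union added to `apparmor_audit_data` in include/linux/lsm_audit.h has no documented discriminator, so the header does not say which arm (`target`, `iface`, `rlim`, `fs`, `net`) is valid for a given record; presumably `op` selects it, but that is not visible here. Because `target`, `iface.pos`, `rlim.rlim`, `fs.target` and `net.type` share storage, an audit callback that reads the wrong arm would interpret an integer as a pointer, so a comment such as `/* which arm is valid is determined by op */` above the union would help once that is confirmed. `void *profile` could also become `struct aa_profile *profile` after a forward declaration `struct aa_profile;`, which keeps AppArmor includes out of the header while restoring type checking. struct common_audit_data begins before this section of the patch and continues after it.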
@@ -97,7 +295,7 @@
 +capability_names.h
 diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
 new file mode 100644
-index 0000000..5c57df7
+index 0000000..fdf3022
 --- /dev/null
 +++ b/security/apparmor/Kconfig
 @@ -0,0 +1,40 @@
@@ -113,7 +311,7 @@
 +	  This enables the AppArmor security module.
 +	  Required userspace tools (if they are not included in your
 +	  distribution) and further information may be found at
-+	  <http://forge.novell.com/modules/xfmod/project/?apparmor>
++	  http://apparmor.wiki.kernel.org
 +
 +	  If you are unsure how to answer this question, answer N.
 +
@@ -127,9 +325,9 @@
 +	  'apparmor', which allows AppArmor to be enabled or disabled
 +          at boot.  If this option is set to 0 (zero), the AppArmor
 +	  kernel parameter will default to 0, disabling AppArmor at
-+	  bootup.  If this option is set to 1 (one), the AppArmor
++	  boot.  If this option is set to 1 (one), the AppArmor
 +	  kernel parameter will default to 1, enabling AppArmor at
-+	  bootup.
++	  boot.
 +
 +	  If you are unsure how to answer this question, answer 1.
 +
@@ -143,10 +341,10 @@
 +          is desired.
 diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
 new file mode 100644
-index 0000000..554cba7
+index 0000000..e5e8968
 --- /dev/null
 +++ b/security/apparmor/Makefile
-@@ -0,0 +1,24 @@
+@@ -0,0 +1,30 @@
 +# Makefile for AppArmor Linux Security Module
 +#
 +obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
@@ -165,18 +363,24 @@
 +quiet_cmd_make-af = GEN     $@
 +cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ; sed -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "s/^\#define[ \\t]\\+AF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
 +
++quiet_cmd_make-rlim = GEN     $@
++cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
++
 +$(obj)/capability.o : $(obj)/capability_names.h
 +$(obj)/net.o : $(obj)/af_names.h
++$(obj)/resource.o : $(obj)/rlim_names.h
 +$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
 +	$(call cmd,make-caps)
 +$(obj)/af_names.h : $(srctree)/include/linux/socket.h
 +	$(call cmd,make-af)
++$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
++	$(call cmd,make-rlim)
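Review bot: The first sed call in the added `cmd_make-rlim` rule is written `sed -n --e "/AF_MAX/d"`, while the second call in the same rule and the existing `cmd_make-af` rule use `-e`; the double dash only works where sed accepts abbreviated long options, so it should read `sed -n -e`. The `/AF_MAX/d` filter in both calls looks copied from the address-family rule and deletes nothing the `RLIMIT_` substitution would print, so it can be dropped. `rlim_names[]` takes its numeric indices from include/asm-generic/resource.h, so on an architecture that overrides RLIMIT numbers in its own header the names would presumably not line up with the values; a comment on the `$(obj)/rlim_names.h` rule stating that assumption would help.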
 diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c
 new file mode 100644
-index 0000000..f64aae8
+index 0000000..dc8c744
 --- /dev/null
 +++ b/security/apparmor/apparmorfs-24.c
-@@ -0,0 +1,61 @@
+@@ -0,0 +1,287 @@
 +/*
 + * AppArmor security module
 + *
@@ -238,207 +442,6 @@
 +const struct file_operations aa_fs_features_fops = {
 +	.read = aa_features_read,
 +};
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-new file mode 100644
-index 0000000..89a26a0
---- /dev/null
-+++ b/security/apparmor/apparmorfs.c
-@@ -0,0 +1,561 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor /sys/kernel/security/apparmor interface functions
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009-2010 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#include <linux/security.h>
-+#include <linux/vmalloc.h>
-+#include <linux/module.h>
-+#include <linux/seq_file.h>
-+#include <linux/uaccess.h>
-+#include <linux/namei.h>
-+
-+#include "include/apparmor.h"
-+#include "include/apparmorfs.h"
-+#include "include/audit.h"
-+#include "include/context.h"
-+#include "include/policy.h"
-+
-+/**
-+ * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc
-+ * @size: size of allocation
-+ *
-+ * Return: allocated buffer or NULL if failed
-+ *
-+ * It is possible that policy being loaded from the user is larger than
-+ * what can be allocated by kmalloc, in those cases fall back to vmalloc.
-+ */
-+static void *kvmalloc(size_t size)
-+{
-+	void *buffer;
-+
-+	if (size == 0)
-+		return NULL;
-+
-+	buffer = kmalloc(size, GFP_KERNEL);
-+	if (!buffer)
-+		buffer = vmalloc(size);
-+	return buffer;
-+}
-+
-+/**
-+ * kvfree - free an allocation do by kvmalloc
-+ * @buffer: buffer to free
-+ *
-+ * Free a buffer allocated by kvmalloc
-+ */
-+static void kvfree(void *buffer)
-+{
-+	if (!buffer)
-+		return;
-+
-+	if (is_vmalloc_addr(buffer))
-+		vfree(buffer);
-+	else
-+		kfree(buffer);
-+}
-+
-+/**
-+ * aa_simple_write_to_buffer - common routine for getting policy from user
-+ * @userbuf: user buffer to copy data from  (NOT NULL)
-+ * @alloc_size: size of user buffer
-+ * @copy_size: size of data to copy from user buffer
-+ * @pos: position write is at in the file
-+ * @operation: name of operation doing the user buffer copy (NOT NULL)
-+ *
-+ * Returns: kernel buffer containing copy of user buffer data or an
-+ *          ERR_PTR on failure.
-+ */
-+static char *aa_simple_write_to_buffer(const char __user *userbuf,
-+				       size_t alloc_size, size_t copy_size,
-+				       loff_t *pos, const char *operation)
-+{
-+	char *data;
-+
-+	if (*pos != 0) {
-+		/* only writes from pos 0, that is complete writes */
-+		data = ERR_PTR(-ESPIPE);
-+		goto out;
-+	}
-+
-+	/*
-+	 * Don't allow profile load/replace/remove from profiles that don't
-+	 * have CAP_MAC_ADMIN
-+	 */
-+	if (!capable(CAP_MAC_ADMIN)) {
-+		struct aa_profile *profile = NULL;
-+		struct aa_audit sa = {
-+			.operation = operation,
-+			.gfp_mask = GFP_KERNEL,
-+			.error = -EACCES,
-+		};
-+		profile = aa_current_profile();
-+		data = ERR_PTR(aa_audit(AUDIT_APPARMOR_DENIED, profile, &sa,
-+					NULL));
-+		goto out;
-+	}
-+	/* freed by caller to aa_simple_write_to_buffer */
-+	data = kvmalloc(alloc_size);
-+	if (data == NULL) {
-+		data = ERR_PTR(-ENOMEM);
-+		goto out;
-+	}
-+
-+	if (copy_from_user(data, userbuf, copy_size)) {
-+		kvfree(data);
-+		data = ERR_PTR(-EFAULT);
-+		goto out;
-+	}
-+
-+out:
-+	return data;
-+}
-+
-+
-+/* .load file hook fn to load policy */
-+static ssize_t aa_profile_load(struct file *f, const char __user *buf,
-+			       size_t size, loff_t *pos)
-+{
-+	char *data;
-+	ssize_t error;
-+
-+	data = aa_simple_write_to_buffer(buf, size, size, pos, "profile_load");
-+
-+	error = PTR_ERR(data);
-+	if (!IS_ERR(data)) {
-+		error = aa_interface_replace_profiles(data, size, 1);
-+		kvfree(data);
-+	}
-+
-+	return error;
-+}
-+
-+static const struct file_operations aa_fs_profile_load = {
-+	.write = aa_profile_load
-+};
-+
-+/* .replace file hook fn to load and/or replace policy */
-+static ssize_t aa_profile_replace(struct file *f, const char __user *buf,
-+				  size_t size, loff_t *pos)
-+{
-+	char *data;
-+	ssize_t error;
-+
-+	data = aa_simple_write_to_buffer(buf, size, size, pos,
-+					 "profile_replace");
-+	error = PTR_ERR(data);
-+	if (!IS_ERR(data)) {
-+		error = aa_interface_replace_profiles(data, size, 0);
-+		kvfree(data);
-+	}
-+
-+	return error;
-+}
-+
-+static const struct file_operations aa_fs_profile_replace = {
-+	.write = aa_profile_replace
-+};
-+
-+/* .remove file hook fn to remove loaded policy */
-+static ssize_t aa_profile_remove(struct file *f, const char __user *buf,
-+				 size_t size, loff_t *pos)
-+{
-+	char *data;
-+	ssize_t error;
-+
-+	/*
-+	 * aa_remove_profile needs a null terminated string so 1 extra
-+	 * byte is allocated and the copied data is null terminated.
-+	 */
-+	data = aa_simple_write_to_buffer(buf, size + 1, size, pos,
-+					 "profile_remove");
-+
-+	error = PTR_ERR(data);
-+	if (!IS_ERR(data)) {
-+		data[size] = 0;
-+		error = aa_interface_remove_profiles(data, size);
-+		kvfree(data);
-+	}
-+
-+	return error;
-+}
-+
-+static const struct file_operations aa_fs_profile_remove = {
-+	.write = aa_profile_remove
-+};
-+
 +
 +/**
 + * __next_namespace - find the next namespace to list
@@ -488,8 +491,8 @@
 + *
 + * Returns: unrefcounted profile or NULL if no profile
 + */
-+	static struct aa_profile *__first_profile(struct aa_namespace *root,
-+						  struct aa_namespace *ns)
++static struct aa_profile *__first_profile(struct aa_namespace *root,
++					  struct aa_namespace *ns)
 +{
 +	for ( ; ns; ns = __next_namespace(root, ns)) {
 +		if (!list_empty(&ns->base.profiles))
@@ -623,27 +626,7 @@
 +}
 +
 +/**
-+ * print_ns_name - print a namespace name back to @root
-+ * @root: root namespace to stop at
-+ * @ns: namespace to gen name for
-+ *
-+ * Returns: true if it printed a name
-+ */
-+static bool print_ns_name(struct seq_file *f, struct aa_namespace *root,
-+			  struct aa_namespace *ns)
-+{
-+	if (!ns || ns == root)
-+		return 0;
-+
-+	if (ns->parent && print_ns_name(f, root, ns->parent))
-+		seq_printf(f, "//");
-+
-+	seq_printf(f, "%s", ns->base.name);
-+	return 1;
-+}
-+
-+/**
-+ * seq_show_profile - 
++ * seq_show_profile - show a profile entry
 + * @f: seq_file to file
 + * @p: current position (profile)    (NOT NULL)
 + *
@@ -655,9 +638,7 @@
 +	struct aa_namespace *root = f->private;
 +
 +	if (profile->ns != root)
-+		seq_printf(f, ":");
-+	if (print_ns_name(f, root, profile->ns))
-+		seq_printf(f, "://");
++		seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
 +	seq_printf(f, "%s (%s)\n", profile->base.hname,
 +		   COMPLAIN_MODE(profile) ? "complain" : "enforce");
 +
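Review bot: The new `seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));` line passes the helper's result straight to `%s`, and aa_ns_name() is not defined in the visible part of the patch, so its return contract cannot be checked from here. If it is guaranteed to return a non-NULL name relative to `root`, a short comment at the call saying so, for example `/* aa_ns_name() never returns NULL for a ns below root */`, would document why no check is needed. The namespace and profile names are also written unescaped into a line that userspace reads as `name (mode)`, so it is worth referencing whatever restricts the characters allowed in those names at load time. seq_show_profile begins before this hunk and continues past it.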
@@ -671,31 +652,172 @@
 +	.show = seq_show_profile,
 +};
 +
-+static int aa_profiles_open(struct inode *inode, struct file *file)
++static int profiles_open(struct inode *inode, struct file *file)
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.7&r2=1.7.2.1&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.798.2.1&r2=1.798.2.2&f=u


