| Message ID | 0e9b707c-bae3-785e-9c06-8b5dc0698822@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Artful,Bionic] UBUNTU: SAUCE: apparmor: fix display of .ns_name for containers | expand |
On 31/01/18 10:23, John Johansen wrote: > The .ns_name should not be virtualized by the current ns view. It > needs to report the ns base name as that is being used during startup > as part of determining apparmor policy namespace support. > > BugLink: http://bugs.launchpad.net/bugs/1746463 > Fixes: d9f02d9c237aa ("apparmor: fix display of ns name") > Reported-by: Serge Hallyn <serge@hallyn.com> > Tested-by: Serge Hallyn <serge@hallyn.com> > Signed-off-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/apparmorfs.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c > index d4fa04d91439..a23b0ca19fd0 100644 > --- a/security/apparmor/apparmorfs.c > +++ b/security/apparmor/apparmorfs.c > @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v) > static int seq_ns_name_show(struct seq_file *seq, void *v) > { > struct aa_label *label = begin_current_label_crit_section(); > - > - seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label), > - labels_ns(label), true)); > + seq_printf(seq, "%s\n", labels_ns(label)->base.name); > end_current_label_crit_section(label); > > return 0; > Thanks John. Acked-by: Colin Ian King <colin.king@canonical.com>
On Wed, Jan 31, 2018 at 11:23:41AM +0100, John Johansen wrote: > The .ns_name should not be virtualized by the current ns view. It > needs to report the ns base name as that is being used during startup > as part of determining apparmor policy namespace support. > > BugLink: http://bugs.launchpad.net/bugs/1746463 > Fixes: d9f02d9c237aa ("apparmor: fix display of ns name") > Reported-by: Serge Hallyn <serge@hallyn.com> > Tested-by: Serge Hallyn <serge@hallyn.com> > Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Applied to bionic/master and unstable/master-next, thanks!
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index d4fa04d91439..a23b0ca19fd0 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_file *seq, void *v) static int seq_ns_name_show(struct seq_file *seq, void *v) { struct aa_label *label = begin_current_label_crit_section(); - - seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label), - labels_ns(label), true)); + seq_printf(seq, "%s\n", labels_ns(label)->base.name); end_current_label_crit_section(label); return 0;
The .ns_name should not be virtualized by the current ns view. It needs to report the ns base name as that is being used during startup as part of determining apparmor policy namespace support. BugLink: http://bugs.launchpad.net/bugs/1746463 Fixes: d9f02d9c237aa ("apparmor: fix display of ns name") Reported-by: Serge Hallyn <serge@hallyn.com> Tested-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/apparmorfs.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)