From: John Johansen
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 3/3] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels
Date: Wed, 15 Sep 2010 10:16:06 -0700
Message-Id: <1284570966-6603-4-git-send-email-john.johansen@canonical.com>

BugLink: http://bugs.launchpad.net/bugs/639758

Remove an unnecessary restriction from the AppArmor network capability patch. When a newer version of the tools is used with an older kernel, it may build in extra rules for newer networking protocols that the older kernel does not know about. The older kernel can safely ignore the extra rules as it should never create sockets using the newer protocols.

Signed-off-by: John Johansen

--- security/apparmor/policy_unpack.c | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-) diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 6b0637b..ef11ba9 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -575,9 +575,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) size = unpack_array(e, "net_allowed_af"); if (size) { - if (size > AF_MAX) - goto fail; - for (i = 0; i < size; i++) { if (!unpack_u16(e, &profile->net.allow[i], NULL)) goto fail;
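
Review bot: With the `if (size > AF_MAX) goto fail;` test gone, the loop `for (i = 0; i < size; i++)` in unpack_profile() still stores every entry through `&profile->net.allow[i]`, and `size` comes straight from `unpack_array(e, "net_allowed_af")`, i.e. from the policy blob being loaded. Nothing left in this hunk bounds `i`, so if `net.allow` is sized by AF_MAX (its declaration is not shown here) a policy built by newer tools writes past the end of the array instead of being ignored as the commit message intends. I would keep the loop running over all `size` entries so the stream stays in sync, but for `i >= AF_MAX` unpack the u16 into a local scratch variable and discard it, and only write `profile->net.allow[i]` while `i < AF_MAX`. The sibling arrays unpacked after this one are outside the visible context; if they are filled in the same loop they need the same guard. A short comment at the discard branch explaining that entries beyond AF_MAX belong to address families this kernel cannot create would also document why the hard failure was dropped.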