apparmor: export set of capabilities supported by the apparmor module

author John Johansen <john.johansen@canonical.com>

Wed, 14 Aug 2013 18:27:32 +0000 (11:27 -0700)

committer John Johansen <john.johansen@canonical.com>

Wed, 14 Aug 2013 18:42:07 +0000 (11:42 -0700)
author John Johansen <john.johansen@canonical.com>
Wed, 14 Aug 2013 18:27:32 +0000 (11:27 -0700)
committer John Johansen <john.johansen@canonical.com>
Wed, 14 Aug 2013 18:42:07 +0000 (11:42 -0700)
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile

index 5706b74c857f550a2515dc445164063154a12cac..0831e049072d01f6815225c74d2554c66db71129 100644 (file)
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -18,7 +18,11 @@ quiet_cmd_make-caps = GEN     $@
  cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
         sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
         -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
-       echo "};" >> $@
+       echo "};" >> $@ ;\
+       echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
+       sed $< -r -n -e '/CAP_FS_MASK/d' \
+           -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
+            tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
  
  
  # Build a lower case string table of rlimit names.
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c

index 7a26608a566671ddf2019cad78c52c0dd624c047..d708a55d072fa956eac8a7832b00ce4e6f273555 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -773,6 +773,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
         AA_FS_DIR("file",                       aa_fs_entry_file),
         AA_FS_FILE_U64("capability",            VFS_CAP_FLAGS_MASK),
         AA_FS_DIR("rlimit",                     aa_fs_entry_rlimit),
+       AA_FS_DIR("caps",                       aa_fs_entry_caps),
         { }
  };
  
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c

index 887a5e9489453c9a304b25759b4bed973f34fb0a..84d1f5f538778b58f0b60c48d4a55ede44ff4c4f 100644 (file)
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -27,6 +27,11 @@
   */
  #include "capability_names.h"
  
+struct aa_fs_entry aa_fs_entry_caps[] = {
+       AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
+       { }
+};
+
  struct audit_cache {
         struct aa_profile *profile;
         kernel_cap_t caps;
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h

index c24d2959ea0201eff78244225216df0011b03fc4..2e7c9d6a2f3bb3f7b7ab6f4aab3b63a46a56a10a 100644 (file)
--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -17,6 +17,8 @@
  
  #include <linux/sched.h>
  
+#include "apparmorfs.h"
+
  struct aa_profile;
  
  /* aa_caps - confinement data for capabilities
@@ -34,6 +36,8 @@ struct aa_caps {
         kernel_cap_t extended;
  };
  
+extern struct aa_fs_entry aa_fs_entry_caps[];
+
  int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
                int audit);
author	John Johansen <john.johansen@canonical.com>
	Wed, 14 Aug 2013 18:27:32 +0000 (11:27 -0700)
committer	John Johansen <john.johansen@canonical.com>
	Wed, 14 Aug 2013 18:42:07 +0000 (11:42 -0700)
security/apparmor/Makefile		patch \| blob \| blame \| history
security/apparmor/apparmorfs.c		patch \| blob \| blame \| history
security/apparmor/capability.c		patch \| blob \| blame \| history
security/apparmor/include/capability.h		patch \| blob \| blame \| history