apparmor: fix apparmorfs DAC access permissions

author John Johansen <john.johansen@canonical.com>

Thu, 31 Aug 2017 16:54:43 +0000 (09:54 -0700)

committer John Johansen <john.johansen@canonical.com>

Fri, 22 Sep 2017 20:20:01 +0000 (13:20 -0700)
author John Johansen <john.johansen@canonical.com>
Thu, 31 Aug 2017 16:54:43 +0000 (09:54 -0700)
committer John Johansen <john.johansen@canonical.com>
Fri, 22 Sep 2017 20:20:01 +0000 (13:20 -0700)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c

index 125dad5c3fde21bee12d2cce15b510fbdeafa622..518d5928661b518c8f037db26edfed44f6270752 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2215,12 +2215,12 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
  };
  
  static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
-       AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),
+       AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
         AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
         AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
-       AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),
-       AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),
-       AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),
+       AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
+       AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
+       AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
         AA_SFS_DIR("features", aa_sfs_entry_features),
         { }
  };
author	John Johansen <john.johansen@canonical.com>
	Thu, 31 Aug 2017 16:54:43 +0000 (09:54 -0700)
committer	John Johansen <john.johansen@canonical.com>
	Fri, 22 Sep 2017 20:20:01 +0000 (13:20 -0700)