
apparmor: root view labels should not be under user control

The root view of the label parse should not be exposed to user
control.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
John Johansen, 8 years ago
parent
commit 475bdda1f0
1 file changed, 2 additions and 3 deletions
  1. security/apparmor/label.c (+2 -3)

+ 2 - 3
security/apparmor/label.c

@@ -1871,8 +1871,9 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
 	AA_BUG(!str);
 
 	str = skipn_spaces(str, n);
-	if (str == NULL)
+	if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label))
 		return ERR_PTR(-EINVAL);
+
 	len = label_count_strn_entries(str, end - str);
 	if (*str == '&' || force_stack) {
 		/* stack on top of base */
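Review bot: the new condition on `if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label))` rejects a leading '=' only for callers whose base is not the root unconfined label, but when base is that label the '=' is accepted and nothing in this hunk consumes it before `label_count_strn_entries(str, end - str)` and the `*str == '&'` test run; confirm that the entry counter and the later parsing handle a string that still starts with '=' as intended, and add a one-line comment stating why a non-root base may not use '='. The combined condition is also long enough to be worth splitting across lines, and the bare `+` blank line after the `return ERR_PTR(-EINVAL);` is a style-only change that could be dropped to keep the diff minimal.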
@@ -1881,8 +1882,6 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
 		if (*str == '&')
 			str++;
 	}
-	if (*str == '=')
-		base = &root_ns->unconfined->label;
 
 	error = vec_setup(profile, vec, len, gfp);
 	if (error)
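Review bot: dropping `if (*str == '=') base = &root_ns->unconfined->label;` means base is no longer rewritten from the parsed string and stays whatever the caller passed, which is what the commit message asks for; since the check added in the previous hunk only lets a leading '=' through when base already is the root unconfined label, the removed assignment was a no-op in the remaining accepted case, so this is consistent. Note that a string beginning with '=' can never enter the `if (*str == '&' || force_stack)` branch via the '&' test, so stacking on top of base is reachable only through force_stack for such input; the function's documentation should state that '=' is accepted solely when base is the root unconfined label and that all other callers now receive -EINVAL instead of a silent base switch.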