aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2018-02-09 07:57:39 -0500
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 14:30:00 -0500
commitb5beb07ad32ab533027aa988d96a44965ec116f7 (patch)
tree187176b624ad9dfe857f6b2625426b9e7ac1d5d1 /security
parent040d9e2bce0a5b321c402b79ee43a8e8d2fd3b06 (diff)
apparmor: fix resource audit messages when auditing peer
Resource auditing is using the peer field which is not available when the rlim data struct is used, because it is a different element of the same union. Accessing peer during resource auditing could cause garbage log entries or even oops the kernel. Move the rlim data block into the same struct as the peer field so they can be used together. CC: <stable@vger.kernel.org> Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels") Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/include/audit.h8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 4ac095118717..2ebc00a579fd 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -126,6 +126,10 @@ struct apparmor_audit_data {
126 const char *target; 126 const char *target;
127 kuid_t ouid; 127 kuid_t ouid;
128 } fs; 128 } fs;
129 struct {
130 int rlim;
131 unsigned long max;
132 } rlim;
129 int signal; 133 int signal;
130 }; 134 };
131 }; 135 };
@@ -135,10 +139,6 @@ struct apparmor_audit_data {
135 long pos; 139 long pos;
136 } iface; 140 } iface;
137 struct { 141 struct {
138 int rlim;
139 unsigned long max;
140 } rlim;
141 struct {
142 const char *src_name; 142 const char *src_name;
143 const char *type; 143 const char *type;
144 const char *trans; 144 const char *trans;
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-04 19:19:20 -0400