authorJohn Johansen <john.johansen@canonical.com>2013-08-14 14:27:32 -0400
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 14:42:07 -0400
commit84f1f787421cd83bb7dfb34d584586f6a5fe7baa (patch)
treefbb958c9f7950f64feea732c7d78d0831120d540 /security
parent29b3822f1e132aa0f115f69730d6e4182df153d4 (diff)
apparmor: export set of capabilities supported by the apparmor module
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/Makefile6
-rw-r--r--security/apparmor/apparmorfs.c1
-rw-r--r--security/apparmor/capability.c5
-rw-r--r--security/apparmor/include/capability.h4
4 files changed, 15 insertions, 1 deletions
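--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -18,7 +18,11 @@ quiet_cmd_make-caps = GEN $@
 cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
  sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
  -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
- echo "};" >> $@
+ echo "};" >> $@ ;\
+ echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
+ sed $< -r -n -e '/CAP_FS_MASK/d' \
+ -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
+ tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
 
 
 # Build a lower case string table of rlimit names.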
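Review bot: The `echo -n` that opens the `AA_FS_CAPS_MASK` define in `cmd_make-caps` relies on behaviour POSIX leaves implementation-defined, so under a shell whose `echo` prints `-n` literally the generated header line would start with `-n` and no longer be a valid `#define`. `printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\` writes the same text without that dependency. The `CAP_FS_MASK` filter and the `CAP_` regex are now written twice, once for the `capability_names[]` table and once for the mask string. Since the mask appears to be what the module exports, a short comment above the rule saying both sed passes must stay in step would help keep the exported set from drifting away from the table. The start of the rule lies above the hunk.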
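--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -773,6 +773,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
  AA_FS_DIR("file", aa_fs_entry_file),
  AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
  AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
+ AA_FS_DIR("caps", aa_fs_entry_caps),
  { }
 };
 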
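Review bot: The new `AA_FS_DIR("caps", aa_fs_entry_caps)` entry sits two lines below the existing `AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK)` entry, and nothing tells a reader how the two differ. A one-line comment such as `/* caps/mask lists capability names; "capability" above is the VFS cap flags mask */` would save consumers of this table from guessing which entry to read. `aa_fs_entry_features[]` starts above the hunk, so it cannot be confirmed from here that this file already includes the header declaring `aa_fs_entry_caps`.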
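--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -27,6 +27,11 @@
  */
 #include "capability_names.h"
 
+struct aa_fs_entry aa_fs_entry_caps[] = {
+ AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
+ { }
+};
+
 struct audit_cache {
  struct aa_profile *profile;
  kernel_cap_t caps;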
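Review bot: `aa_fs_entry_caps[]` is added without a comment, and its single file `mask` takes its contents from `AA_FS_CAPS_MASK`, a string generated into `capability_names.h` at build time that a reader cannot find by searching the tree. A comment above the array, for example `/* caps/mask: space-separated, lower-case names of the capabilities listed in capability_names.h */`, would record the source and format of the value. It is also worth saying there that the string reflects the capability definitions the module was built against, not what any task holds, since userspace presumably reads it for feature detection. A shortened form of the same comment would suit the `extern` declaration added in include/capability.h.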
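--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -17,6 +17,8 @@
 
 #include <linux/sched.h>
 
+#include "apparmorfs.h"
+
 struct aa_profile;
 
 /* aa_caps - confinement data for capabilities
@@ -34,6 +36,8 @@ struct aa_caps {
  kernel_cap_t extended;
 };
 
+extern struct aa_fs_entry aa_fs_entry_caps[];
+
 int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
  int audit);
 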