diff options
| author | John Johansen | 2017-01-16 09:42:50 +0100 |
|---|---|---|
| committer | John Johansen | 2017-01-16 10:18:39 +0100 |
| commit | 2bd8dbbf22fe9eb2a99273436f815d49ceb23a8f (patch) | |
| tree | 17cdd607014ece52ccafbbc472750b3d25a9f566 /security/apparmor/include/context.h | |
| parent | apparmor: allow specifying the profile doing the management (diff) | |
| download | kernel-qcow2-linux-2bd8dbbf22fe9eb2a99273436f815d49ceb23a8f.tar.gz kernel-qcow2-linux-2bd8dbbf22fe9eb2a99273436f815d49ceb23a8f.tar.xz kernel-qcow2-linux-2bd8dbbf22fe9eb2a99273436f815d49ceb23a8f.zip | |
apparmor: add ns being viewed as a param to policy_view_capable()
Prepare for a tighter pairing of user namespaces and apparmor policy
namespaces, by making the ns to be viewed available and checking
that the user namespace level is the same as the policy ns level.
This strict pairing will be relaxed once true support of user namespaces
lands.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/context.h')
| -rw-r--r-- | security/apparmor/include/context.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h index a0acc2390fae..d378bff47ccd 100644 --- a/security/apparmor/include/context.h +++ b/security/apparmor/include/context.h @@ -20,6 +20,7 @@ #include <linux/sched.h> #include "policy.h" +#include "policy_ns.h" #define cred_cxt(X) (X)->security #define current_cxt() cred_cxt(current_cred()) @@ -162,6 +163,11 @@ static inline struct aa_profile *aa_current_profile(void) return cxt->profile; } +static inline struct aa_ns *aa_get_current_ns(void) +{ + return aa_get_ns(__aa_current_profile()->ns); +} + /** * aa_clear_task_cxt_trans - clear transition tracking info from the cxt * @cxt: task context to clear (NOT NULL) |