diff options
| author | John Johansen | 2017-06-09 17:14:28 +0200 |
|---|---|---|
| committer | John Johansen | 2017-06-11 02:11:38 +0200 |
| commit | 637f688dc3dc304a89f441d76f49a0e35bc49c08 (patch) | |
| tree | 78fee8a7aa212140c4c6b6a9b722bbba61802cab /security/apparmor/include/policy_ns.h | |
| parent | apparmor: add the base fns() for domain labels (diff) | |
| download | kernel-qcow2-linux-637f688dc3dc304a89f441d76f49a0e35bc49c08.tar.gz kernel-qcow2-linux-637f688dc3dc304a89f441d76f49a0e35bc49c08.tar.xz kernel-qcow2-linux-637f688dc3dc304a89f441d76f49a0e35bc49c08.zip | |
apparmor: switch from profiles to using labels on contexts
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/policy_ns.h')
| -rw-r--r-- | security/apparmor/include/policy_ns.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h index 2f7e480a34e0..9605f18624e2 100644 --- a/security/apparmor/include/policy_ns.h +++ b/security/apparmor/include/policy_ns.h @@ -19,6 +19,7 @@ #include "apparmor.h" #include "apparmorfs.h" +#include "label.h" #include "policy.h" @@ -71,6 +72,7 @@ struct aa_ns { long revision; wait_queue_head_t wait; + struct aa_labelset labels; struct list_head rawdata_list; struct dentry *dents[AAFS_NS_SIZEOF]; @@ -80,6 +82,8 @@ extern struct aa_ns *root_ns; extern const char *aa_hidden_ns_name; +#define ns_unconfined(NS) (&(NS)->unconfined->label) + bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns); const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns); void aa_free_ns(struct aa_ns *ns); |