authorJohn Johansen <john.johansen@canonical.com>2013-07-10 21:12:43 -0700
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 11:42:07 -0700
commit038165070aa55375d4bdd2f84b34a486feca63d6 (patch)
tree327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/domain.c
parent8651e1d6572bc2c061073f05fabcd7175789259d (diff)
apparmor: allow setting any profile into the unconfined state
Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r--security/apparmor/domain.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index bc28f26..26c607c 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -371,8 +371,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
&name, &info);
if (error) {
- if (profile->flags &
- (PFLAG_IX_ON_NAME_ERROR | PFLAG_UNCONFINED))
+ if (unconfined(profile) ||
+ (profile->flags & PFLAG_IX_ON_NAME_ERROR))
error = 0;
name = bprm->filename;
goto audit;
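Review bot: The `if (unconfined(profile) || (profile->flags & PFLAG_IX_ON_NAME_ERROR))` branch clears `error` after aa_path_name() has already failed, and nothing on these lines records that this fail-open is deliberate. The test used to read the `PFLAG_UNCONFINED` bit and now calls unconfined(), whose definition is outside this hunk. Going by the commit description it presumably matches any profile loaded in the unconfined state rather than only a namespace's default one, so more tasks may have a name-resolution failure ignored at exec. I would add a comment above the condition such as `/* unconfined profiles are not mediated: ignore the name lookup failure, it is still reported through info at audit */`, after confirming that the `audit` label really logs `info` when `error` is 0. apparmor_bprm_set_creds begins and ends outside the hunk, so that audit path is not visible here.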