diff options
author | John Johansen <john.johansen@canonical.com> | 2013-07-10 21:12:43 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2013-08-14 11:42:07 -0700 |
commit | 038165070aa55375d4bdd2f84b34a486feca63d6 (patch) | |
tree | 327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/domain.c | |
parent | 8651e1d6572bc2c061073f05fabcd7175789259d (diff) | |
download | op-kernel-dev-038165070aa55375d4bdd2f84b34a486feca63d6.zip op-kernel-dev-038165070aa55375d4bdd2f84b34a486feca63d6.tar.gz |
apparmor: allow setting any profile into the unconfined state
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r-- | security/apparmor/domain.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index bc28f26..26c607c 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -371,8 +371,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer, &name, &info); if (error) { - if (profile->flags & - (PFLAG_IX_ON_NAME_ERROR | PFLAG_UNCONFINED)) + if (unconfined(profile) || + (profile->flags & PFLAG_IX_ON_NAME_ERROR)) error = 0; name = bprm->filename; goto audit; |