diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 05:27:50 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:34 -0700 |
commit | fe864821d504f33f22b3ce2d5599ae95598db721 (patch) | |
tree | 62a2ec77f67f80f27948108de38e00837302e13c /security/apparmor/lsm.c | |
parent | d9f02d9c237aa603d781fe5165ebe383c554376d (diff) | |
download | op-kernel-dev-fe864821d504f33f22b3ce2d5599ae95598db721.zip op-kernel-dev-fe864821d504f33f22b3ce2d5599ae95598db721.tar.gz |
apparmor: move bprm_committing_creds/committed_creds to lsm.c
There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r-- | security/apparmor/lsm.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8ab00c9..3549200 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -575,6 +575,36 @@ fail: goto out; } +/** + * apparmor_bprm_committing_creds - do task cleanup on committing new creds + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committing_creds(struct linux_binprm *bprm) +{ + struct aa_profile *profile = __aa_current_profile(); + struct aa_task_ctx *new_ctx = cred_ctx(bprm->cred); + + /* bail out if unconfined or not changing profile */ + if ((new_ctx->profile == profile) || + (unconfined(new_ctx->profile))) + return; + + current->pdeath_signal = 0; + + /* reset soft limits and set hard limits for the new profile */ + __aa_transition_rlimits(profile, new_ctx->profile); +} + +/** + * apparmor_bprm_committed_cred - do cleanup after new creds committed + * @bprm: binprm for the exec (NOT NULL) + */ +static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) +{ + /* TODO: cleanup signals - ipc mediation */ + return; +} + static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { |