From a71ada305801e940ff69c2c58489778760e5148b Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 16 Jan 2017 00:42:45 -0800
Subject: apparmor: add special .null file used to "close" fds at exec

Borrow the special null device file from selinux to "close" fds that
don't have sufficient permissions at exec time.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/include/apparmorfs.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'security/apparmor/include/apparmorfs.h')

diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 5626bd4..eeeae5b 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,8 @@
 #ifndef __AA_APPARMORFS_H
 #define __AA_APPARMORFS_H
 
+extern struct path aa_null;
+
 enum aa_fs_type {
 	AA_FS_TYPE_BOOLEAN,
 	AA_FS_TYPE_STRING,
-- 
cgit v1.1