[KARMIC] AppArmor

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[KARMIC] AppArmor

John Johansen-2
Please pull the AppArmor patches for Karmic.

Config options should be
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_NETWORK=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
# CONFIG_SECURITY_APPARMOR_DISABLE is not set

This will add AppArmor but not enable it by default at this time.



The following changes since commit 0c9f19b4dd23620fb32116922b0d93e8aca6c911:
  Andy Whitcroft (1):
        UBUNTU: [Config] merge kernel configs more agressively

are available in the git repository at:

  kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jj/apparmor-karmic-tree
master

John Johansen (13):
      AppArmor security module
      Sigh this is a bad commit, the work should have been done
incrementally
      Last of the mass changes, AA now compiles
      Add the declaration of default_namespace back in.
      Generated file modifications
      - Update task_is_confined check so that module parms do not oops when
      - factor out profile filtering to common routine aa_filtered_profile
      - seperate remove from replace, as the unconfined process should
not get added
      oops, finish removing conditional that was part of a debug printk
      - update auditing to use fqname of profile
      - fix oops in file_audit when cond is not set
      - remove unnecessary cred ref counting for security checks when
dealing
      - disable disconnected path checking, as it isn't quite right and is

 include/linux/audit.h                        |   10 +-
 security/Kconfig                             |    1 +
 security/Makefile                            |    2 +
 security/apparmor/Kconfig                    |   53 ++
 security/apparmor/Makefile                   |   24 +
 security/apparmor/apparmorfs.c               |  395 ++++++++++
 security/apparmor/audit.c                    |  151 ++++
 security/apparmor/capability.c               |  121 +++
 security/apparmor/context.c                  |  209 +++++
 security/apparmor/domain.c                   |  693 +++++++++++++++++
 security/apparmor/file.c                     |  427 +++++++++++
 security/apparmor/include/apparmor.h         |   65 ++
 security/apparmor/include/apparmorfs.h       |   24 +
 security/apparmor/include/audit.h            |   59 ++
 security/apparmor/include/capability.h       |   45 ++
 security/apparmor/include/context.h          |  153 ++++
 security/apparmor/include/domain.h           |   37 +
 security/apparmor/include/file.h             |  227 ++++++
 security/apparmor/include/ipc.h              |   28 +
 security/apparmor/include/match.h            |  105 +++
 security/apparmor/include/net.h              |   40 +
 security/apparmor/include/path.h             |   24 +
 security/apparmor/include/policy.h           |  301 ++++++++
 security/apparmor/include/policy_interface.h |   22 +
 security/apparmor/include/procattr.h         |   26 +
 security/apparmor/include/resource.h         |   46 ++
 security/apparmor/include/sid.h              |   46 ++
 security/apparmor/ipc.c                      |  106 +++
 security/apparmor/lib.c                      |  100 +++
 security/apparmor/lsm.c                      | 1059
++++++++++++++++++++++++++
 security/apparmor/match.c                    |  293 +++++++
 security/apparmor/net.c                      |  146 ++++
 security/apparmor/path.c                     |  155 ++++
 security/apparmor/policy.c                   |  727 ++++++++++++++++++
 security/apparmor/policy_interface.c         |  850 +++++++++++++++++++++
 security/apparmor/procattr.c                 |  117 +++
 security/apparmor/resource.c                 |  104 +++
 security/apparmor/sid.c                      |  111 +++
 38 files changed, 7101 insertions(+), 1 deletions(-)
 create mode 100644 security/apparmor/Kconfig
 create mode 100644 security/apparmor/Makefile
 create mode 100644 security/apparmor/apparmorfs.c
 create mode 100644 security/apparmor/audit.c
 create mode 100644 security/apparmor/capability.c
 create mode 100644 security/apparmor/context.c
 create mode 100644 security/apparmor/domain.c
 create mode 100644 security/apparmor/file.c
 create mode 100644 security/apparmor/include/apparmor.h
 create mode 100644 security/apparmor/include/apparmorfs.h
 create mode 100644 security/apparmor/include/audit.h
 create mode 100644 security/apparmor/include/capability.h
 create mode 100644 security/apparmor/include/context.h
 create mode 100644 security/apparmor/include/domain.h
 create mode 100644 security/apparmor/include/file.h
 create mode 100644 security/apparmor/include/ipc.h
 create mode 100644 security/apparmor/include/match.h
 create mode 100644 security/apparmor/include/net.h
 create mode 100644 security/apparmor/include/path.h
 create mode 100644 security/apparmor/include/policy.h
 create mode 100644 security/apparmor/include/policy_interface.h
 create mode 100644 security/apparmor/include/procattr.h
 create mode 100644 security/apparmor/include/resource.h
 create mode 100644 security/apparmor/include/sid.h
 create mode 100644 security/apparmor/ipc.c
 create mode 100644 security/apparmor/lib.c
 create mode 100644 security/apparmor/lsm.c
 create mode 100644 security/apparmor/match.c
 create mode 100644 security/apparmor/net.c
 create mode 100644 security/apparmor/path.c
 create mode 100644 security/apparmor/policy.c
 create mode 100644 security/apparmor/policy_interface.c
 create mode 100644 security/apparmor/procattr.c
 create mode 100644 security/apparmor/resource.c
 create mode 100644 security/apparmor/sid.c



--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [KARMIC] AppArmor

Andy Whitcroft-3
On Wed, Jul 08, 2009 at 01:01:07AM -0700, John Johansen wrote:
> Please pull the AppArmor patches for Karmic.
>
> Config options should be
> CONFIG_SECURITY_APPARMOR=y
> CONFIG_SECURITY_APPARMOR_NETWORK=y
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> # CONFIG_SECURITY_APPARMOR_DISABLE is not set
>
> This will add AppArmor but not enable it by default at this time.

Applied.

-apw

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team