summaryrefslogtreecommitdiffstats
path: root/block
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-12-09 02:43:18 +0100
committerJohn Johansen <john.johansen@canonical.com>2018-01-13 00:49:59 +0100
commit0dda0b3fb255048a221f736c8a2a24c674da8bf3 (patch)
tree2e608fa9c885466ab5d833bcbaff76620ada5db9 /block
parentMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/ker... (diff)
downloadlinux-0dda0b3fb255048a221f736c8a2a24c674da8bf3.tar.xz
linux-0dda0b3fb255048a221f736c8a2a24c674da8bf3.zip
apparmor: fix ptrace label match when matching stacked labels
Given a label with a profile stack of A//&B or A//&C ... A ptrace rule should be able to specify a generic trace pattern with a rule like ptrace trace A//&**, however this is failing because while the correct label match routine is called, it is being done post label decomposition so it is always being done against a profile instead of the stacked label. To fix this refactor the cross check to pass the full peer label in to the label_match. Fixes: 290f458a4f16 ("apparmor: allow ptrace checks to be finer grained than just capability") Cc: Stable <stable@vger.kernel.org> Reported-by: Matthew Garrett <mjg59@google.com> Tested-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'block')
0 files changed, 0 insertions, 0 deletions