diff options
author | John Johansen <john.johansen@canonical.com> | 2017-12-12 10:02:13 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-02-09 20:30:01 +0100 |
commit | 3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf (patch) | |
tree | 243c6b0514015415805b60cd183ea9e25ac0747b /firmware | |
parent | security: apparmor: remove duplicate includes (diff) | |
download | linux-3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf.tar.xz linux-3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf.zip |
apparmor: make signal label match work when matching stacked labels
Given a label with a profile stack of
A//&B or A//&C ...
A ptrace rule should be able to specify a generic trace pattern with
a rule like
signal send A//&**,
however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.
To fix this refactor the cross check to pass the full peer label in to
the label_match.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'firmware')
0 files changed, 0 insertions, 0 deletions