summaryrefslogtreecommitdiffstats
path: root/security/apparmor/domain.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-07-11 06:12:43 +0200
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 20:42:07 +0200
commit038165070aa55375d4bdd2f84b34a486feca63d6 (patch)
tree327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/domain.c
parentapparmor: make free_profile available outside of policy.c (diff)
downloadlinux-038165070aa55375d4bdd2f84b34a486feca63d6.tar.xz
linux-038165070aa55375d4bdd2f84b34a486feca63d6.zip
apparmor: allow setting any profile into the unconfined state
Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
-rw-r--r--security/apparmor/domain.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index bc28f2670ee4..26c607c971f5 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -371,8 +371,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
&name, &info);
if (error) {
- if (profile->flags &
- (PFLAG_IX_ON_NAME_ERROR | PFLAG_UNCONFINED))
+ if (unconfined(profile) ||
+ (profile->flags & PFLAG_IX_ON_NAME_ERROR))
error = 0;
name = bprm->filename;
goto audit;