diff options
author | John Johansen <john.johansen@canonical.com> | 2013-07-11 06:12:43 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2013-08-14 20:42:07 +0200 |
commit | 038165070aa55375d4bdd2f84b34a486feca63d6 (patch) | |
tree | 327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/include/policy.h | |
parent | apparmor: make free_profile available outside of policy.c (diff) | |
download | linux-038165070aa55375d4bdd2f84b34a486feca63d6.tar.xz linux-038165070aa55375d4bdd2f84b34a486feca63d6.zip |
apparmor: allow setting any profile into the unconfined state
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/include/policy.h')
-rw-r--r-- | security/apparmor/include/policy.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h index 8a68226ff7f7..65662e3c75cf 100644 --- a/security/apparmor/include/policy.h +++ b/security/apparmor/include/policy.h @@ -56,11 +56,11 @@ enum profile_mode { APPARMOR_ENFORCE, /* enforce access rules */ APPARMOR_COMPLAIN, /* allow and log access violations */ APPARMOR_KILL, /* kill task on access violation */ + APPARMOR_UNCONFINED, /* profile set to unconfined */ }; enum profile_flags { PFLAG_HAT = 1, /* profile is a hat */ - PFLAG_UNCONFINED = 2, /* profile is an unconfined profile */ PFLAG_NULL = 4, /* profile is null learning profile */ PFLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */ PFLAG_IMMUTABLE = 0x10, /* don't allow changes/replacement */ @@ -199,7 +199,7 @@ struct aa_profile { struct aa_dfa *xmatch; int xmatch_len; enum audit_mode audit; - enum profile_mode mode; + long mode; long flags; u32 path_flags; int size; @@ -240,7 +240,7 @@ ssize_t aa_remove_profiles(char *name, size_t size); #define PROF_ADD 1 #define PROF_REPLACE 0 -#define unconfined(X) ((X)->flags & PFLAG_UNCONFINED) +#define unconfined(X) ((X)->mode == APPARMOR_UNCONFINED) /** |