author | John Johansen <john.johansen@canonical.com> | 2017-01-16 09:42:34 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 10:18:28 +0100 |
commit | 73688d1ed0b8f800f312f7bc9d583463858da861 (patch) | |
tree | 41d58fc6558b4a07554da9dc3ff4db3a36d1ad59 /security/apparmor/policy.c | |
parent | apparmor: update policy_destroy to use new debug asserts (diff) | |
apparmor: refactor prepare_ns() and make usable from different views
prepare_ns() will need to be called from alternate views, and namespaces
will need to be created via different interfaces. So refactor and
allow specifying the view ns.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r-- | security/apparmor/policy.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 5d99fb7ac881..e02ab20b0a8d 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -731,6 +731,7 @@ static int __lookup_replace(struct aa_ns *ns, const char *hname,
 
 /**
  * aa_replace_profiles - replace profile(s) on the profile list
+ * @view: namespace load is viewed from
  * @udata: serialized data stream (NOT NULL)
  * @size: size of the serialized data stream
  * @noreplace: true if only doing addition, no replacement allowed
@@ -741,7 +742,8 @@ static int __lookup_replace(struct aa_ns *ns, const char *hname,
  *
  * Returns: size of data consumed else error code on failure.
  */
-ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
+ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size,
+ bool noreplace)
 {
  const char *ns_name, *info = NULL;
  struct aa_ns *ns = NULL;
@@ -756,7 +758,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
  goto out;
 
  /* released below */
- ns = aa_prepare_ns(ns_name);
+ ns = aa_prepare_ns(view, ns_name);
  if (!ns) {
  error = audit_policy(op, GFP_KERNEL, ns_name,
  "failed to prepare namespace", -ENOMEM); |
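Review bot: The new `@view` line in the kernel-doc of aa_replace_profiles() does not state the pointer contract, whereas `@udata` right below it is marked (NOT NULL). In the last hunk `view` is handed straight to aa_prepare_ns() with no check visible, so the comment should say whether NULL is accepted and who owns the reference, for example ` * @view: namespace the load is viewed from (NOT NULL, caller holds a reference)` if that is the intended contract. The function body continues outside these hunks, so a check may exist in lines that are not shown.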
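Review bot: The failure branch after `ns = aa_prepare_ns(view, ns_name);` still audits every NULL return as `-ENOMEM`, although the target namespace is now resolved relative to a caller-supplied view. If the view-relative lookup can fail for reasons other than allocation (aa_prepare_ns() is not shown here), the audit record would report a rejected or unresolvable namespace as out-of-memory; a distinct error code, or at least a comment on that branch, would keep the log usable for investigating policy loads. It is also worth confirming that the callers, which are outside this diff, take `view` from the loading task's own namespace and apply the policy-management permission check against that same namespace. The body of aa_replace_profiles() starts and ends outside the hunk.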