summaryrefslogtreecommitdiffstats
path: root/security/apparmor/policy.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-01-16 09:42:34 +0100
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 10:18:28 +0100
commit73688d1ed0b8f800f312f7bc9d583463858da861 (patch)
tree41d58fc6558b4a07554da9dc3ff4db3a36d1ad59 /security/apparmor/policy.c
parentapparmor: update policy_destroy to use new debug asserts (diff)
downloadlinux-73688d1ed0b8f800f312f7bc9d583463858da861.tar.xz
linux-73688d1ed0b8f800f312f7bc9d583463858da861.zip
apparmor: refactor prepare_ns() and make usable from different views
prepare_ns() will need to be called from alternate views, and namespaces will need to be created via different interfaces. So refactor and allow specifying the view ns. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r--security/apparmor/policy.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 5d99fb7ac881..e02ab20b0a8d 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -731,6 +731,7 @@ static int __lookup_replace(struct aa_ns *ns, const char *hname,
/**
* aa_replace_profiles - replace profile(s) on the profile list
+ * @view: namespace load is viewed from
* @udata: serialized data stream (NOT NULL)
* @size: size of the serialized data stream
* @noreplace: true if only doing addition, no replacement allowed
@@ -741,7 +742,8 @@ static int __lookup_replace(struct aa_ns *ns, const char *hname,
*
* Returns: size of data consumed else error code on failure.
*/
-ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
+ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size,
+ bool noreplace)
{
const char *ns_name, *info = NULL;
struct aa_ns *ns = NULL;
@@ -756,7 +758,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
goto out;
/* released below */
- ns = aa_prepare_ns(ns_name);
+ ns = aa_prepare_ns(view, ns_name);
if (!ns) {
error = audit_policy(op, GFP_KERNEL, ns_name,
"failed to prepare namespace", -ENOMEM);