diff options
| author | John Johansen <john.johansen@canonical.com> | 2022-09-29 15:24:29 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 23:49:04 +0200 |
| commit | 70f24a9f9084b7fffd95daa707cce8e339b189dd (patch) | |
| tree | 28866ed514dc725bf89c821b22624a2d8ff32138 /security | |
| parent | apparmor: make sure the decompression ctx is promperly initialized (diff) | |
| download | linux-70f24a9f9084b7fffd95daa707cce8e339b189dd.tar.xz linux-70f24a9f9084b7fffd95daa707cce8e339b189dd.zip | |
apparmor: Fix undefined references to zstd_ symbols
Unfortunately the switch to using zstd compression did not properly
ifdef all the code that uses zstd_ symbols. So that if exporting of
binary policy is disabled in the config the compile will fail with the
following errors
security/apparmor/lsm.c:1545: undefined reference to `zstd_min_clevel'
aarch64-linux-ld: security/apparmor/lsm.c:1545: undefined reference to `zstd_max_clevel'
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 52ccc20c652b ("apparmor: use zstd compression for profile data")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Jon Tourville <jon.tourville@canonical.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/apparmorfs.c | 4 | ||||
| -rw-r--r-- | security/apparmor/include/apparmor.h | 11 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 5 |
3 files changed, 15 insertions, 5 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index ddd64b8ebf05..2c138309ad66 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1202,13 +1202,13 @@ static int seq_ns_name_show(struct seq_file *seq, void *v) static int seq_ns_compress_min_show(struct seq_file *seq, void *v) { - seq_printf(seq, "%d\n", zstd_min_clevel()); + seq_printf(seq, "%d\n", AA_MIN_CLEVEL); return 0; } static int seq_ns_compress_max_show(struct seq_file *seq, void *v) { - seq_printf(seq, "%d\n", zstd_max_clevel()); + seq_printf(seq, "%d\n", AA_MAX_CLEVEL); return 0; } diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 6d9ca075fcb9..8a81557c9d59 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -51,4 +51,15 @@ extern bool aa_g_logsyscall; extern bool aa_g_paranoid_load; extern unsigned int aa_g_path_max; +#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY +#define AA_MIN_CLEVEL zstd_min_clevel() +#define AA_MAX_CLEVEL zstd_max_clevel() +#define AA_DEFAULT_CLEVEL ZSTD_CLEVEL_DEFAULT +#else +#define AA_MIN_CLEVEL 0 +#define AA_MAX_CLEVEL 0 +#define AA_DEFAULT_CLEVEL 0 +#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */ + + #endif /* __APPARMOR_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index a22e53e44123..8e2b951c4988 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1365,7 +1365,7 @@ module_param_named(export_binary, aa_g_export_binary, aabool, 0600); #endif /* policy loaddata compression level */ -int aa_g_rawdata_compression_level = ZSTD_CLEVEL_DEFAULT; +int aa_g_rawdata_compression_level = AA_DEFAULT_CLEVEL; module_param_named(rawdata_compression_level, aa_g_rawdata_compression_level, aacompressionlevel, 0400); @@ -1547,8 +1547,7 @@ static int param_set_aacompressionlevel(const char *val, error = param_set_int(val, kp); aa_g_rawdata_compression_level = clamp(aa_g_rawdata_compression_level, - zstd_min_clevel(), - zstd_max_clevel()); + AA_MIN_CLEVEL, AA_MAX_CLEVEL); pr_info("AppArmor: policy rawdata compression level set to %d\n", aa_g_rawdata_compression_level); |