apparmor: advertise availability of exended perms

Userspace won't load policy using extended perms unless it knows the kernel can handle them. Advertise that extended perms are supported in the feature set. Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Jon Tourville <jontourville@me.com>
author: John Johansen <john.johansen@canonical.com> 2023-03-17 00:04:17 +0100
committer: John Johansen <john.johansen@canonical.com> 2023-07-10 02:31:11 +0200
commit: 180cf257998c5f136f76b8899ef6ec57b410680b (patch)
tree: ba17958c309141b61bff4ea0ce7b97b7426a698f /security
parent: apparmor: remove unused macro (diff)
download: linux-180cf257998c5f136f76b8899ef6ec57b410680b.tar.xz
linux-180cf257998c5f136f76b8899ef6ec57b410680b.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index db7a51acf9db..0e8d690c911b 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2348,11 +2348,14 @@ static struct aa_sfs_entry aa_sfs_entry_versions[] = {
 	{ }
 };
 
+#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
 static struct aa_sfs_entry aa_sfs_entry_policy[] = {
 	AA_SFS_DIR("versions",			aa_sfs_entry_versions),
 	AA_SFS_FILE_BOOLEAN("set_load",		1),
 	/* number of out of band transitions supported */
 	AA_SFS_FILE_U64("outofband",		MAX_OOB_SUPPORTED),
+	AA_SFS_FILE_U64("permstable32_version",	1),
+	AA_SFS_FILE_STRING("permstable32", PERMS32STR),
 	{ }
 };
author	John Johansen <john.johansen@canonical.com>	2023-03-17 00:04:17 +0100
committer	John Johansen <john.johansen@canonical.com>	2023-07-10 02:31:11 +0200
commit	180cf257998c5f136f76b8899ef6ec57b410680b (patch)
tree	ba17958c309141b61bff4ea0ce7b97b7426a698f /security
parent	apparmor: remove unused macro (diff)
download	linux-180cf257998c5f136f76b8899ef6ec57b410680b.tar.xz linux-180cf257998c5f136f76b8899ef6ec57b410680b.zip