Hi James,
After merging the security-testing tree, today's linux-next build (x86_64
allmodconfig) failed like this (also some warnings ...):
security/apparmor/ipc.c: In function 'aa_ptrace':
security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
security/apparmor/domain.c: In function 'may_change_ptraced_domain':
security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
("AppArmor: LSM interface, and security module initialization")
interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
("param:param_ops") from the rr tree.
I applied the following merge fix patch:
From: Stephen Rothwell <[email protected]>
Date: Mon, 2 Aug 2010 12:00:43 +1000
Subject: [PATCH] AppArmor: update for module_param_named API change
Signed-off-by: Stephen Rothwell <[email protected]>
---
security/apparmor/lsm.c | 36 ++++++++++++++++++++++++------------
1 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8..d5666d3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
* AppArmor sysfs module parameters
*/
-static int param_set_aabool(const char *val, struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
#define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+ .set = param_set_aabool,
+ .get = param_get_aabool
+};
-static int param_set_aauint(const char *val, struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
#define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+ .set = param_set_aauint,
+ .get = param_get_aauint
+};
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
#define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+ .set = param_set_aalockpolicy,
+ .get = param_get_aalockpolicy
+};
static int param_set_audit(const char *val, struct kernel_param *kp);
static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
__setup("apparmor=", apparmor_enabled_setup);
/* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
return param_set_bool(val, kp);
}
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_bool(val, kp);
}
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_uint(val, kp);
}
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
--
1.7.1
--
Cheers,
Stephen Rothwell [email protected]
http://www.canb.auug.org.au/~sfr/
On 08/01/2010 07:16 PM, Stephen Rothwell wrote:
> Hi James,
>
> After merging the security-testing tree, today's linux-next build (x86_64
> allmodconfig) failed like this (also some warnings ...):
>
> security/apparmor/ipc.c: In function 'aa_ptrace':
> security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
> security/apparmor/domain.c: In function 'may_change_ptraced_domain':
> security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
> security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
> security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
> security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
>
> Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
> ("AppArmor: LSM interface, and security module initialization")
> interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
> ("param:param_ops") from the rr tree.
>
> I applied the following merge fix patch:
>
> From: Stephen Rothwell <[email protected]>
> Date: Mon, 2 Aug 2010 12:00:43 +1000
> Subject: [PATCH] AppArmor: update for module_param_named API change
>
> Signed-off-by: Stephen Rothwell <[email protected]>
looks good, thanks Stephen
Signed-off-by: John Johansen <[email protected]>
> ---
> security/apparmor/lsm.c | 36 ++++++++++++++++++++++++------------
> 1 files changed, 24 insertions(+), 12 deletions(-)
>
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 8db33a8..d5666d3 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
> * AppArmor sysfs module parameters
> */
>
> -static int param_set_aabool(const char *val, struct kernel_param *kp);
> -static int param_get_aabool(char *buffer, struct kernel_param *kp);
> +static int param_set_aabool(const char *val, const struct kernel_param *kp);
> +static int param_get_aabool(char *buffer, const struct kernel_param *kp);
> #define param_check_aabool(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aabool = {
> + .set = param_set_aabool,
> + .get = param_get_aabool
> +};
>
> -static int param_set_aauint(const char *val, struct kernel_param *kp);
> -static int param_get_aauint(char *buffer, struct kernel_param *kp);
> +static int param_set_aauint(const char *val, const struct kernel_param *kp);
> +static int param_get_aauint(char *buffer, const struct kernel_param *kp);
> #define param_check_aauint(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aauint = {
> + .set = param_set_aauint,
> + .get = param_get_aauint
> +};
>
> -static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
> -static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
> +static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
> +static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
> #define param_check_aalockpolicy(name, p) __param_check(name, p, int)
> +static struct kernel_param_ops param_ops_aalockpolicy = {
> + .set = param_set_aalockpolicy,
> + .get = param_get_aalockpolicy
> +};
>
> static int param_set_audit(const char *val, struct kernel_param *kp);
> static int param_get_audit(char *buffer, struct kernel_param *kp);
> @@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
> __setup("apparmor=", apparmor_enabled_setup);
>
> /* set global flag turning off the ability to load policy */
> -static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
> +static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
> @@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
> return param_set_bool(val, kp);
> }
>
> -static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
> +static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
> return param_get_bool(buffer, kp);
> }
>
> -static int param_set_aabool(const char *val, struct kernel_param *kp)
> +static int param_set_aabool(const char *val, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
> return param_set_bool(val, kp);
> }
>
> -static int param_get_aabool(char *buffer, struct kernel_param *kp)
> +static int param_get_aabool(char *buffer, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
> return param_get_bool(buffer, kp);
> }
>
> -static int param_set_aauint(const char *val, struct kernel_param *kp)
> +static int param_set_aauint(const char *val, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
> return param_set_uint(val, kp);
> }
>
> -static int param_get_aauint(char *buffer, struct kernel_param *kp)
> +static int param_get_aauint(char *buffer, const struct kernel_param *kp)
> {
> if (!capable(CAP_MAC_ADMIN))
> return -EPERM;
Hi Stephen,
the follow patch fixes the AppArmor build warnings from the security-next tree merge
From: John Johansen <[email protected]>
Date: Mon, 2 Aug 2010 19:31:57 -0700
Subject: [PATCH] AppArmor: Fix build warnings from linux-next merge
Patch AppArmor to fix build warnings for changes that exist in the
linux-next tree.
Signed-off-by: John Johansen <[email protected]>
---
security/apparmor/domain.c | 2 +-
security/apparmor/ipc.c | 2 +-
security/apparmor/lsm.c | 4 +++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 08bbe63..c825c6e 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -62,7 +62,7 @@ static int may_change_ptraced_domain(struct task_struct *task,
struct aa_profile *to_profile)
{
struct task_struct *tracer;
- struct cred *cred = NULL;
+ const struct cred *cred = NULL;
struct aa_profile *tracerp = NULL;
int error = 0;
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index 9013a78..649fad8 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -100,7 +100,7 @@ int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
if (!unconfined(tracer_p)) {
/* lcred released below */
- struct cred *lcred = get_task_cred(tracee);
+ const struct cred *lcred = get_task_cred(tracee);
struct aa_profile *tracee_p = aa_cred_profile(lcred);
error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index d5666d3..f56978a 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -607,9 +607,11 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
return error;
}
-static int apparmor_task_setrlimit(unsigned int resource,
+static int apparmor_task_setrlimit(struct task_struct *tsk,
+ unsigned int resource,
struct rlimit *new_rlim)
{
+ /* Use current profile instead of profile on @tsk */
struct aa_profile *profile = aa_current_profile();
int error = 0;
--
1.7.0.4
Hi Rusty,
On Mon, 02 Aug 2010 17:04:28 -0700 John Johansen <[email protected]> wrote:
>
> On 08/01/2010 07:16 PM, Stephen Rothwell wrote:
> >
> > After merging the security-testing tree, today's linux-next build (x86_64
> > allmodconfig) failed like this (also some warnings ...):
> >
> > security/apparmor/ipc.c: In function 'aa_ptrace':
> > security/apparmor/ipc.c:103: warning: initialization discards qualifiers from pointer target type
> > security/apparmor/domain.c: In function 'may_change_ptraced_domain':
> > security/apparmor/domain.c:73: warning: assignment discards qualifiers from pointer target type
> > security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
> > security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
> > security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
> >
> > Error caused by commit e0500000b50a50ec8cc9967001f3ed201b83cb36
> > ("AppArmor: LSM interface, and security module initialization")
> > interacting with commit 0685652df0929cec7d78efa85127f6eb34962132
> > ("param:param_ops") from the rr tree.
> >
> > I applied the following merge fix patch:
> >
> > From: Stephen Rothwell <[email protected]>
> > Date: Mon, 2 Aug 2010 12:00:43 +1000
> > Subject: [PATCH] AppArmor: update for module_param_named API change
> >
> > Signed-off-by: Stephen Rothwell <[email protected]>
> looks good, thanks Stephen
>
> Signed-off-by: John Johansen <[email protected]>
The security-testing tree has been merged by Linus, so this patch can now
be added to the rr tree.
From: Stephen Rothwell <[email protected]>
Date: Mon, 2 Aug 2010 12:00:43 +1000
Subject: [PATCH] AppArmor: update for module_param_named API change
Fixes these build errors:
security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function)
security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function)
security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function)
Signed-off-by: Stephen Rothwell <[email protected]>
Signed-off-by: John Johansen <[email protected]>
---
security/apparmor/lsm.c | 36 ++++++++++++++++++++++++------------
1 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8..d5666d3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
* AppArmor sysfs module parameters
*/
-static int param_set_aabool(const char *val, struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
#define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+ .set = param_set_aabool,
+ .get = param_get_aabool
+};
-static int param_set_aauint(const char *val, struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
#define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+ .set = param_set_aauint,
+ .get = param_get_aauint
+};
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
#define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+ .set = param_set_aalockpolicy,
+ .get = param_get_aalockpolicy
+};
static int param_set_audit(const char *val, struct kernel_param *kp);
static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
__setup("apparmor=", apparmor_enabled_setup);
/* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
return param_set_bool(val, kp);
}
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_bool(val, kp);
}
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_uint(val, kp);
}
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
--
1.7.1
--
Cheers,
Stephen Rothwell [email protected]
http://www.canb.auug.org.au/~sfr/
Hi all,
On Mon, 02 Aug 2010 19:40:31 -0700 John Johansen <[email protected]> wrote:
>
> the follow patch fixes the AppArmor build warnings from the security-next tree merge
Thanks.
> From: John Johansen <[email protected]>
> Date: Mon, 2 Aug 2010 19:31:57 -0700
> Subject: [PATCH] AppArmor: Fix build warnings from linux-next merge
>
> Patch AppArmor to fix build warnings for changes that exist in the
> linux-next tree.
>
> Signed-off-by: John Johansen <[email protected]>
.
.
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index d5666d3..f56978a 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -607,9 +607,11 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
> return error;
> }
>
> -static int apparmor_task_setrlimit(unsigned int resource,
> +static int apparmor_task_setrlimit(struct task_struct *tsk,
> + unsigned int resource,
> struct rlimit *new_rlim)
> {
> + /* Use current profile instead of profile on @tsk */
> struct aa_profile *profile = aa_current_profile();
> int error = 0;
This last change seems to have been lost along the way.
--
Cheers,
Stephen Rothwell [email protected]
http://www.canb.auug.org.au/~sfr/
Hi again,
On Wed, 18 Aug 2010 10:56:09 +1000 Stephen Rothwell <[email protected]> wrote:
>
> On Mon, 02 Aug 2010 19:40:31 -0700 John Johansen <[email protected]> wrote:
> >
> > From: John Johansen <[email protected]>
> > Date: Mon, 2 Aug 2010 19:31:57 -0700
> > Subject: [PATCH] AppArmor: Fix build warnings from linux-next merge
> >
> > Patch AppArmor to fix build warnings for changes that exist in the
> > linux-next tree.
> >
> > Signed-off-by: John Johansen <[email protected]>
> .
> .
> > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> > index d5666d3..f56978a 100644
> > --- a/security/apparmor/lsm.c
> > +++ b/security/apparmor/lsm.c
> > @@ -607,9 +607,11 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
> > return error;
> > }
> >
> > -static int apparmor_task_setrlimit(unsigned int resource,
> > +static int apparmor_task_setrlimit(struct task_struct *tsk,
> > + unsigned int resource,
> > struct rlimit *new_rlim)
> > {
> > + /* Use current profile instead of profile on @tsk */
> > struct aa_profile *profile = aa_current_profile();
> > int error = 0;
>
> This last change seems to have been lost along the way.
Sorry, my mistake, this change is sitting in the security-testing tree in
linux-next still.
--
Cheers,
Stephen Rothwell [email protected]
http://www.canb.auug.org.au/~sfr/