The following three patches have all been out to the lkml/lsm and have sat in
the AppArmor tree for a while.
The following changes since commit eae61f3c829439f8f9121b5cd48a14be04df451f:
TOMOYO: Fix memory leak upon file open. (2011-03-03 10:13:26 +1100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git security-next
John Johansen (3):
AppArmor: Cleanup make file to remove cruft and make it easier to read
AppArmor: cleanup generated files correctly
AppArmor: kill unused macros in lsm.c
security/apparmor/Makefile | 38 +++++++++++++++++++++++++++++++++-----
security/apparmor/lsm.c | 2 --
2 files changed, 33 insertions(+), 7 deletions(-)
Cleanups based on comments from Sam Ravnborg,
* remove references to the currently unused af_names.h
* add rlim_names.h to clean-files:
* rework cmd_make-XXX to make them more readable by adding comments,
reworking the expressions to put logical components on individual lines,
and keep lines < 80 characters.
Signed-off-by: John Johansen <[email protected]>
Acked-by: Sam Ravnborg <[email protected]>
---
security/apparmor/Makefile | 38 +++++++++++++++++++++++++++++++++-----
1 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index f204869..81e5b16 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -6,19 +6,47 @@ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
resource.o sid.o file.o
-clean-files: capability_names.h af_names.h
+clean-files: capability_names.h rlim_names.h
+
+# Build a lower case string table of capability names
+# Transforms lines from
+# #define CAP_DAC_OVERRIDE 1
+# to
+# [1] = "dac_override",
quiet_cmd_make-caps = GEN $@
-cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ;\
+ sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
+ -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
+ echo "};" >> $@
+
+# Build a lower case string table of rlimit names.
+# Transforms lines from
+# #define RLIMIT_STACK 3 /* max stack size */
+# to
+# [RLIMIT_STACK] = "stack",
+#
+# and build a second integer table (with the second sed cmd), that maps
+# RLIMIT defines to the order defined in asm-generic/resource.h Thi is
+# required by policy load to map policy ordering of RLIMITs to internal
+# ordering for architectures that redefine an RLIMIT.
+# Transforms lines from
+# #define RLIMIT_STACK 3 /* max stack size */
+# to
+# RLIMIT_STACK,
quiet_cmd_make-rlim = GEN $@
-cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
+cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
+ sed $< >> $@ -r -n \
+ -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
+ echo "};" >> $@ ;\
+ echo "static const int rlim_map[] = {" >> $@ ;\
+ sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
+ echo "};" >> $@
$(obj)/capability.o : $(obj)/capability_names.h
$(obj)/resource.o : $(obj)/rlim_names.h
$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
$(call cmd,make-caps)
-$(obj)/af_names.h : $(srctree)/include/linux/socket.h
- $(call cmd,make-af)
$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
$(call cmd,make-rlim)
--
1.7.1
Remove unused macros.
V3: param_check_aabool, param_check_aauint and param_check_aalockpolicy
are used by module_param_named implicitly.
Signed-off-by: Shan Wei <[email protected]>
Signed-off-by: John Johansen <[email protected]>
---
security/apparmor/lsm.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b7106f1..d21a427 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -693,11 +693,9 @@ static struct kernel_param_ops param_ops_aalockpolicy = {
static int param_set_audit(const char *val, struct kernel_param *kp);
static int param_get_audit(char *buffer, struct kernel_param *kp);
-#define param_check_audit(name, p) __param_check(name, p, int)
static int param_set_mode(const char *val, struct kernel_param *kp);
static int param_get_mode(char *buffer, struct kernel_param *kp);
-#define param_check_mode(name, p) __param_check(name, p, int)
/* Flag values, also controllable via /sys/module/apparmor/parameters
* We define special types as we want to do additional mediation.
--
1.7.1
clean-files should be defined as a variable not a target.
Signed-off-by: Michal Hocko <[email protected]>
Signed-off-by: John Johansen <[email protected]>
---
security/apparmor/Makefile | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 81e5b16..2dafe50 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -6,7 +6,7 @@ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
resource.o sid.o file.o
-clean-files: capability_names.h rlim_names.h
+clean-files := capability_names.h rlim_names.h
# Build a lower case string table of capability names
--
1.7.1
On Tue, 8 Mar 2011, John Johansen wrote:
> The following three patches have all been out to the lkml/lsm and have sat in
> the AppArmor tree for a while.
>
> The following changes since commit eae61f3c829439f8f9121b5cd48a14be04df451f:
>
> TOMOYO: Fix memory leak upon file open. (2011-03-03 10:13:26 +1100)
>
> are available in the git repository at:
> git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git security-next
>
> John Johansen (3):
> AppArmor: Cleanup make file to remove cruft and make it easier to read
> AppArmor: cleanup generated files correctly
> AppArmor: kill unused macros in lsm.c
These patches are showing up here with you as the author (not the original
authors). If applying raw patches, you'll need to set GIT_AUTHOR_EMAIL
and GIT_AUTHOR_NAME, or more simply, use git-am -s on mailbox format files
exported from your mailer.
- James
--
James Morris
<[email protected]>
On 03/08/2011 03:32 PM, James Morris wrote:
> On Tue, 8 Mar 2011, John Johansen wrote:
>
>> The following three patches have all been out to the lkml/lsm and have sat in
>> the AppArmor tree for a while.
>>
>> The following changes since commit eae61f3c829439f8f9121b5cd48a14be04df451f:
>>
>> TOMOYO: Fix memory leak upon file open. (2011-03-03 10:13:26 +1100)
>>
>> are available in the git repository at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git security-next
>>
>> John Johansen (3):
>> AppArmor: Cleanup make file to remove cruft and make it easier to read
>> AppArmor: cleanup generated files correctly
>> AppArmor: kill unused macros in lsm.c
>
> These patches are showing up here with you as the author (not the original
> authors). If applying raw patches, you'll need to set GIT_AUTHOR_EMAIL
> and GIT_AUTHOR_NAME, or more simply, use git-am -s on mailbox format files
> exported from your mailer.
>
Ah yep sorry about that, I've reimported and pushed it up.
The following changes since commit eae61f3c829439f8f9121b5cd48a14be04df451f:
TOMOYO: Fix memory leak upon file open. (2011-03-03 10:13:26 +1100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git security-next
John Johansen (1):
AppArmor: Cleanup make file to remove cruft and make it easier to read
Michal Hocko (1):
AppArmor: cleanup generated files correctly
Shan Wei (1):
AppArmor: kill unused macros in lsm.c
security/apparmor/Makefile | 38 +++++++++++++++++++++++++++++++++-----
security/apparmor/lsm.c | 2 --
2 files changed, 33 insertions(+), 7 deletions(-)
On Tue, 8 Mar 2011, John Johansen wrote:
> The following changes since commit eae61f3c829439f8f9121b5cd48a14be04df451f:
>
> TOMOYO: Fix memory leak upon file open. (2011-03-03 10:13:26 +1100)
>
> are available in the git repository at:
> git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git security-next
>
Applied.
--
James Morris
<[email protected]>