diff options
author | John Johansen <john.johansen@canonical.com> | 2017-01-16 00:42:52 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 01:18:40 -0800 |
commit | 078c73c63fb2878689da334f112507639c72c14f (patch) | |
tree | a1e4ea3567f70f0863b35faac815e2658af8473e /security/apparmor/apparmorfs.c | |
parent | fd2a80438d736012129977bec779db093979057e (diff) | |
download | linux-078c73c63fb2878689da334f112507639c72c14f.tar.bz2 |
apparmor: add profile and ns params to aa_may_manage_policy()
Policy management will be expanded beyond traditional unconfined root.
This will require knowning the profile of the task doing the management
and the ns view.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/apparmorfs.c')
-rw-r--r-- | security/apparmor/apparmorfs.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 9fd7f73a4e86..cc6ee1ee2b42 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -100,7 +100,7 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf, * Don't allow profile load/replace/remove from profiles that don't * have CAP_MAC_ADMIN */ - if (!aa_may_manage_policy(op)) + if (!aa_may_manage_policy(__aa_current_profile(), NULL, op)) return ERR_PTR(-EACCES); /* freed by caller to simple_write_to_buffer */ |