Add missing inode_symlink hook
The lsm is missing the inode_symlink hook. Symlinks should be
treated like file creates, i.e., check for profile write access.
6
Index: b/security/apparmor/lsm.c
7
===================================================================
8
--- a/security/apparmor/lsm.c
9
+++ b/security/apparmor/lsm.c
10
@@ -341,6 +341,26 @@ out:
14
+static int apparmor_inode_symlink(struct inode *dir, struct dentry *dentry,
15
+ struct vfsmount *mnt, const char *old_name)
17
+ struct aa_profile *active;
20
+ if (!mnt || !mediated_filesystem(dir))
23
+ active = get_active_aa_profile();
26
+ error = aa_perm(active, dentry, mnt, MAY_WRITE);
28
+ put_aa_profile(active);
34
static int apparmor_inode_mknod(struct inode *dir, struct dentry *dentry,
35
struct vfsmount *mnt, int mode, dev_t dev)
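Review bot: `old_name`, the link target, is a parameter of `apparmor_inode_symlink` but none of the added lines visible here reads it, so the only thing mediated is `MAY_WRITE` on the new link's own path. That matches the description ("treated like file creates"), but it should be stated in the code, because confinement then depends on the target being checked when the link is later followed; I would add above the function `/* Mediates creation of the link name only; old_name is intentionally not checked here. */`. The guard `if (!mnt || !mediated_filesystem(dir))` also appears to skip the permission check when a caller passes no vfsmount (the statement that follows it is not shown on this page, so this is inferred), which would be a fail-open path worth confirming against every `vfs_symlink` caller. Several lines of the function body are missing from this rendering, so both points should be verified against the full patch.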
37
@@ -791,6 +811,7 @@ struct security_operations apparmor_ops
38
.inode_create = apparmor_inode_create,
39
.inode_link = apparmor_inode_link,
40
.inode_unlink = apparmor_inode_unlink,
41
+ .inode_symlink = apparmor_inode_symlink,
42
.inode_mknod = apparmor_inode_mknod,
43
.inode_rename = apparmor_inode_rename,
44
.inode_permission = apparmor_inode_permission,