← Back to branch summary

~ubuntu-branches/ubuntu/precise/apparmor/precise-security

« back to all changes in this revision

Viewing changes to parser/mount.c

  • Committer: Package Import Robot
  • Author(s): Steve Beattie, Jamie Strandboge, Serge Hallyn, Steve Beattie
  • Date: 2012-04-12 06:17:42 UTC
  • Revision ID: package-import@ubuntu.com-20120412061742-9v75hjko2mjtbewv
Tags: 2.7.102-0ubuntu3
https://launchpad.net/bugs/974089
https://launchpad.net/bugs/978297
https://launchpad.net/bugs/963756
https://launchpad.net/bugs/959560
https://launchpad.net/bugs/872446
https://launchpad.net/bugs/978584
https://launchpad.net/bugs/800826
https://launchpad.net/bugs/979095
https://launchpad.net/bugs/963756
https://launchpad.net/bugs/978038
https://launchpad.net/bugs/968956
https://launchpad.net/bugs/979135
[ Jamie Strandboge ]
* debian/patches/0007-ubuntu-manpage-updates.patch: update apparmor(5)
  to describe Ubuntu's two-stage policy load and how to add utilize it
  when developing policy (LP: #974089)

[ Serge Hallyn ]
* debian/apparmor.init: do nothing in a container.  This can be
  removed once stacked profiles are supported and used by lxc.
  (LP: #978297)

[ Steve Beattie ]
* debian/patches/0008-apparmor-lp963756.patch: Fix permission mapping
  for change_profile onexec (LP: #963756)
* debian/patches/0009-apparmor-lp959560-part1.patch,
  debian/patches/0010-apparmor-lp959560-part2.patch: Update the parser
  to support the 'in' keyword for value lists, and make mount
  operations aware of 'in' keyword so they can affect the flags build
  list (LP: #959560)
* debian/patches/0011-apparmor-lp872446.patch: fix logprof missing
  exec events in complain mode (LP: #872446)
* debian/patches/0012-apparmor-lp978584.patch: allow inet6 access in
  dovecot imap-login profile (LP: #978584)
* debian/patches/0013-apparmor-lp800826.patch: fix libapparmor
  log parsing library from dropping apparmor network events that
  contain ip addresses or ports in them (LP: #800826)
* debian/patches/0014-apparmor-lp979095.patch: document new mount rule
  syntax and usage in apparmor.d(5) manpage (LP: #979095)
* debian/patches/0015-apparmor-lp963756.patch: Fix change_onexec
  for profiles without attachment specification (LP: #963756,
  LP: #978038)
* debian/patches/0016-apparmor-lp968956.patch: Fix protocol error when
  loading policy to kernels without compat patches (LP: #968956)
* debian/patches/0017-apparmor-lp979135.patch: Fix change_profile to
  grant access to /proc/attr api (LP: #979135)

Show diffs side-by-side

added added

removed removed

Lines of Context:
parser/mount.c
362
362
        return list;
363
363
}
364
364
 
365
 
static struct value_list *extract_options(struct cond_entry **conds)
 
365
static struct value_list *extract_options(struct cond_entry **conds, int eq)
366
366
{
367
367
        struct value_list *list = NULL;
368
368
 
369
369
        struct cond_entry *entry, *tmp, *prev = NULL;
370
370
 
371
371
        list_for_each_safe(*conds, entry, tmp) {
372
 
                if (strcmp(entry->name, "options") == 0 ||
373
 
                    strcmp(entry->name, "option") == 0) {
 
372
                if ((strcmp(entry->name, "options") == 0 ||
 
373
                     strcmp(entry->name, "option") == 0) &&
 
374
                    entry->eq == eq) {
374
375
                        if (prev)
375
376
                                prev->next = tmp;
376
377
                        if (entry == *conds)
402
403
                ent->dev_type = extract_fstype(&src_conds);
403
404
 
404
405
                ent->flags = 0;
 
406
                ent->inv_flags = 0;
405
407
 
406
408
                if (src_conds) {
407
 
                        ent->opts = extract_options(&src_conds);
 
409
                        unsigned int flags = 0, inv_flags = 0;
 
410
                        struct value_list *list = extract_options(&src_conds, 0);
 
411
 
 
412
                        ent->opts = extract_options(&src_conds, 1);
408
413
                        if (ent->opts)
409
414
                                ent->flags = extract_flags(&ent->opts,
410
415
                                                           &ent->inv_flags);
 
416
 
 
417
                        if (list) {
 
418
                                flags = extract_flags(&list, &inv_flags);
 
419
                                /* these flags are optional so set both */
 
420
                                flags |= inv_flags;
 
421
                                inv_flags |= flags;
 
422
 
 
423
                                ent->flags |= flags;
 
424
                                ent->inv_flags |= inv_flags;
 
425
 
 
426
                                if (ent->opts)
 
427
                                        list_append(ent->opts, list);
 
428
                                else if (list)
 
429
                                        ent->opts = list;
 
430
                        }
411
431
                }
412
432
 
413
433
                if (allow & AA_DUMMY_REMOUNT) {