| Message ID | 20221021004604.188986-1-xiujianfeng@huawei.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [v2] apparmor: Use pointer to struct aa_label for lbs_cred | expand |
On 10/20/22 17:46, Xiu Jianfeng wrote: > According to the implementations of cred_label() and set_cred_label(), > we should use pointer to struct aa_label for lbs_cred instead of struct > aa_task_ctx, this patch fixes it. > > Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob") > Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> > yep, thanks I will pull this into my tree Acked-by: John Johansen <john.johansen@canonical.com> > --- > V2: fixes the comment too > --- > security/apparmor/lsm.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index f56070270c69..1e2f40db15c5 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -1194,10 +1194,10 @@ static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb > #endif > > /* > - * The cred blob is a pointer to, not an instance of, an aa_task_ctx. > + * The cred blob is a pointer to, not an instance of, an aa_label. > */ > struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { > - .lbs_cred = sizeof(struct aa_task_ctx *), > + .lbs_cred = sizeof(struct aa_label *), > .lbs_file = sizeof(struct aa_file_ctx), > .lbs_task = sizeof(struct aa_task_ctx), > };
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f56070270c69..1e2f40db15c5 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1194,10 +1194,10 @@ static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb #endif /* - * The cred blob is a pointer to, not an instance of, an aa_task_ctx. + * The cred blob is a pointer to, not an instance of, an aa_label. */ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { - .lbs_cred = sizeof(struct aa_task_ctx *), + .lbs_cred = sizeof(struct aa_label *), .lbs_file = sizeof(struct aa_file_ctx), .lbs_task = sizeof(struct aa_task_ctx), };
According to the implementations of cred_label() and set_cred_label(), we should use pointer to struct aa_label for lbs_cred instead of struct aa_task_ctx, this patch fixes it. Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- V2: fixes the comment too --- security/apparmor/lsm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)