public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-18 22:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: Document that label must be last member in struct aa_profile

Browse source 
The label struct is variable length. While its use in struct aa_profile
is fixed length at 2 entries the variable length member needs to be
the last member in the structure.

The code already does this but the comment has it in the wrong location.
Also add a comment to ensure it stays at the end of the structure.

While we are at it, update the documentation for other profile members
as well.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2025-02-16 03:40:52 -08:00
parent 4c0dc425fd
commit b1f87be728
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
security/apparmor/include/policy.h
View file

@ -198,7 +198,6 @@ struct aa_attachment {
/* struct aa_profile - basic confinement data /* struct aa_profile - basic confinement data
* @base - base components of the profile (name, refcount, lists, lock ...) * @base - base components of the profile (name, refcount, lists, lock ...)
* @label - label this profile is an extension of
* @parent: parent of profile * @parent: parent of profile
* @ns: namespace the profile is in * @ns: namespace the profile is in
* @rename: optional profile name that this profile renamed * @rename: optional profile name that this profile renamed
@ -206,13 +205,19 @@ struct aa_attachment {
* @audit: the auditing mode of the profile * @audit: the auditing mode of the profile
* @mode: the enforcement mode of the profile * @mode: the enforcement mode of the profile
* @path_flags: flags controlling path generation behavior * @path_flags: flags controlling path generation behavior
* @signal: the signal that should be used when kill is used
* @disconnected: what to prepend if attach_disconnected is specified * @disconnected: what to prepend if attach_disconnected is specified
* @attach: attachment rules for the profile * @attach: attachment rules for the profile
* @rules: rules to be enforced * @rules: rules to be enforced
* *
* learning_cache: the accesses learned in complain mode
* raw_data: rawdata of the loaded profile policy
* hash: cryptographic hash of the profile
* @dents: dentries for the profiles file entries in apparmorfs * @dents: dentries for the profiles file entries in apparmorfs
* @dirname: name of the profile dir in apparmorfs * @dirname: name of the profile dir in apparmorfs
* @dents: set of dentries associated with the profile
* @data: hashtable for free-form policy aa_data * @data: hashtable for free-form policy aa_data
* @label - label this profile is an extension of
* *
* The AppArmor profile contains the basic confinement data. Each profile * The AppArmor profile contains the basic confinement data. Each profile
* has a name, and exists in a namespace. The @name and @exec_match are * has a name, and exists in a namespace. The @name and @exec_match are
@ -247,6 +252,8 @@ struct aa_profile {
char *dirname; char *dirname;
struct dentry *dents[AAFS_PROF_SIZEOF]; struct dentry *dents[AAFS_PROF_SIZEOF];
struct rhashtable *data; struct rhashtable *data;
/* special - variable length must be last entry in profile */
struct aa_label label; struct aa_label label;
}; };