"651e28c5537abb39076d3949fb7618536f1d242e" (history) in projects: linux

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:"651 e28c5537abb39076d3949fb7618536f1d242e" (Results 1 – 12 of 12) sorted by relevance

/linux/security/apparmor/
H A D	.gitignore	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	Makefile	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	lib.c	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	net.c	651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	file.c	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	policy_unpack.c	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	apparmorfs.c	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	lsm.c	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
/linux/security/apparmor/include/
H A D	perms.h	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	audit.h	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	policy.h	diff 80c094a47dd4ea63375e3f60b5e076064f16e857 Thu Oct 26 19:35:35 CEST 2017 Linus Torvalds <torvalds@linux-foundation.org> Revert "apparmor: add base infastructure for socket mediation" This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e. This caused a regression: "The specific problem is that dnsmasq refuses to start on openSUSE Leap 42.2. The specific cause is that and attempt to open a PF_LOCAL socket gets EACCES. This means that networking doesn't function on a system with a 4.14-rc2 system." Sadly, the developers involved seemed to be in denial for several weeks about this, delaying the revert. This has not been a good release for the security subsystem, and this area needs to change development practices. Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com> Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info> Cc: John Johansen <john.johansen@canonical.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff 651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
H A D	net.h	651e28c5537abb39076d3949fb7618536f1d242e Wed Jul 19 08:18:33 CEST 2017 John Johansen <john.johansen@canonical.com> apparmor: add base infastructure for socket mediation Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>