linux/security/apparmor/include
John Johansen c62f2f56e0 apparmor: fix overlapping attachment computation
commit 2504db2071 upstream.

When finding the profile via patterned attachments, the longest left
match is being set to the static compile time value and not using the
runtime computed value.

Fix this by setting the candidate value to the greater of the
precomputed value or runtime computed value.

Fixes: 21f6066105 ("apparmor: improve overlapping domain attachment resolution")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-25 11:40:00 +02:00
..
apparmor.h + Features 2019-12-03 12:51:35 -08:00
apparmorfs.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
audit.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
capability.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
cred.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
crypto.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.h exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds 2020-05-20 14:45:31 -05:00
file.h mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ipc.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
label.h apparmor: Fix memory leak of profile proxy 2020-06-07 13:38:55 -07:00
lib.h apparmor: fix absroot causing audited secids to begin with = 2022-08-25 11:39:59 +02:00
match.h apparmor: add outofband transition and use it in xattr match 2020-01-21 06:00:20 -08:00
mount.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
net.h security: add const qualifier to struct sock in various places 2020-12-03 12:56:03 -08:00
path.h + Features 2019-12-03 12:51:35 -08:00
perms.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
policy_ns.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
policy_unpack.h + Features 2019-12-03 12:51:35 -08:00
policy.h apparmor: fix overlapping attachment computation 2022-08-25 11:40:00 +02:00
procattr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
resource.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
secid.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
sig_names.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
task.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00