authorJohn Johansen <john.johansen@canonical.com>2019-02-04 05:23:14 -0800
committerJohn Johansen <john.johansen@canonical.com>2020-01-18 15:38:21 -0800
commit6413f852ce086c0f95817012c08d481ce24d8b1a (patch)
tree687db9de0b06cf7392df4f0d99f309a86ecafded /fs/proc
parentdae6029325a4744e639eb048c13f53c24320aeda (diff)
apparmor: add proc subdir to attrs
This patch provides a /proc/<pid>/attr/apparmor/ subdirectory, enabling userspace to use the apparmor attributes without having to worry about collisions with selinux or smack on interface files in /proc/<pid>/attr. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/base.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index ebea9501afb8..7bc192465e39 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2645,6 +2645,15 @@ static const struct pid_entry smack_attr_dir_stuff[] = {
LSM_DIR_OPS(smack);
#endif
+#ifdef CONFIG_SECURITY_APPARMOR
+static const struct pid_entry apparmor_attr_dir_stuff[] = {
+ ATTR("apparmor", "current", 0666),
+ ATTR("apparmor", "prev", 0444),
+ ATTR("apparmor", "exec", 0666),
+};
+LSM_DIR_OPS(apparmor);
+#endif
+
static const struct pid_entry attr_dir_stuff[] = {
ATTR(NULL, "current", 0666),
ATTR(NULL, "prev", 0444),
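Review bot: The 0666 modes on `current` and `exec` in `apparmor_attr_dir_stuff` leave these files world-writable at the VFS level, so the only barrier against one process changing another task's confinement is the check in the attr write handler and the AppArmor hook behind it, neither of which is visible in this hunk. The modes match the legacy `ATTR(NULL, "current", 0666)` entry just below, so this is consistent rather than a new exposure, but the array deserves a comment saying so, e.g. `/* modes mirror the legacy attr/ entries; write access is enforced by the write handler and the LSM hook, not by file mode */`. A second comment line stating that only `current`, `prev` and `exec` are exposed on purpose would tell the next reader that any further names in the legacy directory were not forgotten.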
@@ -2656,6 +2665,10 @@ static const struct pid_entry attr_dir_stuff[] = {
DIR("smack", 0555,
proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
#endif
+#ifdef CONFIG_SECURITY_APPARMOR
+ DIR("apparmor", 0555,
+ proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops),
+#endif
};
static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)
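Review bot: The `DIR("apparmor", 0555, ...)` entry is conditioned only on `CONFIG_SECURITY_APPARMOR`, so the directory appears on any kernel built with AppArmor even when AppArmor is not an active LSM at boot. Tooling that probes for `/proc/<pid>/attr/apparmor/` to decide whether a task is confined would then read a false signal. Reads and writes under the directory presumably fail in that case, but that depends on the attr handlers outside this hunk. A comment next to the entry should make the meaning explicit, e.g. `/* present whenever AppArmor is built in; does not imply the LSM is enabled */`. `attr_dir_stuff` continues between the two hunks, so its other entries are not covered by this note.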