diff options
author | John Johansen <john.johansen@canonical.com> | 2023-03-16 16:04:17 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2023-07-09 17:31:11 -0700 |
commit | 180cf257998c5f136f76b8899ef6ec57b410680b (patch) | |
tree | ba17958c309141b61bff4ea0ce7b97b7426a698f /security/apparmor | |
parent | 8de4a7de1950e88c233b105faf24666db348e65a (diff) |
apparmor: advertise availability of exended perms
Userspace won't load policy using extended perms unless it knows the
kernel can handle them. Advertise that extended perms are supported in
the feature set.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Jon Tourville <jontourville@me.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/apparmorfs.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index db7a51acf9db..0e8d690c911b 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -2348,11 +2348,14 @@ static struct aa_sfs_entry aa_sfs_entry_versions[] = { { } }; +#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label" static struct aa_sfs_entry aa_sfs_entry_policy[] = { AA_SFS_DIR("versions", aa_sfs_entry_versions), AA_SFS_FILE_BOOLEAN("set_load", 1), /* number of out of band transitions supported */ AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED), + AA_SFS_FILE_U64("permstable32_version", 1), + AA_SFS_FILE_STRING("permstable32", PERMS32STR), { } }; |