Update the apparmorfs introspection interface to reflect that mount rules are available. As part of this change the namespace entry from a binary file to a directory so it can store interface information for operations that affect the namespace like pivot_root.
Signed-off-by: John Johansen <[email protected]> --- security/apparmor/apparmorfs.c | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 0cbbfab..d30aa11 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -429,11 +429,22 @@ static struct aa_fs_entry aa_fs_entry_network[] = { { } }; +static struct aa_fs_entry aa_fs_entry_mount[] = { + AA_FS_FILE_STRING("mask", "mount umount"), + { } +}; + +static struct aa_fs_entry aa_fs_entry_namespaces[] = { + AA_FS_FILE_BOOLEAN("profile", 1), + AA_FS_FILE_BOOLEAN("pivot_root", 1), +}; + static struct aa_fs_entry aa_fs_entry_features[] = { AA_FS_DIR("domain", aa_fs_entry_domain), AA_FS_DIR("file", aa_fs_entry_file), + AA_FS_DIR("mount", aa_fs_entry_mount), AA_FS_DIR("network", aa_fs_entry_network), - AA_FS_FILE_BOOLEAN("namespaces", 1), + AA_FS_DIR("namespaces", aa_fs_entry_namespaces), AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), AA_FS_DIR("rlimit", aa_fs_entry_rlimit), { } -- 1.7.9 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
