These two sysctls used to be INTPTRs, before being changed to BOOLEANs.
Now that their values are hardcoded, switch to the new BOOLEAN_INTPRINT
type to preserve backwards compatibility upon reads of the values.

Before this patchset:
$ cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
yes

After this patchset (matching the old behavior):
$ cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
1

Signed-off-by: Ryan Lee <ryan....@canonical.com>
---
 security/apparmor/apparmorfs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 92f034f369c2..bcbeb5cfb396 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2590,8 +2590,11 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
 
 static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
        AA_SFS_FILE_BOOLEAN("change_profile", 1),
-       AA_SFS_FILE_BOOLEAN("userns",           1),
-       AA_SFS_FILE_BOOLEAN("io_uring",         1),
+       /* Retain backwards compatibility with Ubuntu userspace
+        * code that is expecting integer values for these sysctls
+        */
+       AA_SFS_FILE_BOOLEAN_INTPRINT("userns",          1),
+       AA_SFS_FILE_BOOLEAN_INTPRINT("io_uring",                1),
        { }
 };
 
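Review bot: The comment added above the two AA_SFS_FILE_BOOLEAN_INTPRINT entries calls them sysctls, but the commit message reads them from /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/, so they are apparmorfs feature files. I would reword it and state the concrete difference (these entries print "1" where AA_SFS_FILE_BOOLEAN prints "yes"), so a later cleanup does not switch them back and break the userspace that parses them. The comment also starts its text on the opening /* line, where the usual kernel multi-line style leaves /* on a line of its own, and the value column of the "io_uring" entry no longer lines up with the "userns" entry above it. AA_SFS_FILE_BOOLEAN_INTPRINT is not defined in this hunk, so this patch only builds if its definition comes from elsewhere in the series.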
-- 
2.43.0
base-kernel: Ubuntu-6.14.0-7.7
target: Ubuntu-kernel
