On Tue, 9 Apr 2019, Kees Cook wrote:
> On Mon, Apr 8, 2019 at 11:21 PM David Rheinsberg
> <david.rheinsb...@gmail.com> wrote:
> >
> > Hi
> >
> > On Mon, Apr 8, 2019 at 6:07 PM Kees Cook <keesc...@chromium.org> wrote:
> > >
> > > Before commit c5459b829b71 ("LSM: Plumb visibility into optional "enabled"
> > > state"), /sys/module/apparmor/parameters/enabled would show "Y" or "N"
> > > since it was using the "bool" handler. After being changed to "int",
> > > this switched to "1" or "0", breaking the userspace AppArmor detection
> > > of dbus-broker. This restores the Y/N output while keeping the LSM
> > > infrastructure happy.
> > >
> > > Before:
> > > $ cat /sys/module/apparmor/parameters/enabled
> > > 1
> > >
> > > After:
> > > $ cat /sys/module/apparmor/parameters/enabled
> > > Y
> > >
> > > Reported-by: David Rheinsberg <david.rheinsb...@gmail.com>
> > > Link:
> > > https://lkml.kernel.org/r/cadydso6k8vyb1eryt4g6+ehrlcvb68gabhvwuulkyjczcyn...@mail.gmail.com
> > > Fixes: c5459b829b71 ("LSM: Plumb visibility into optional "enabled"
> > > state")
> > > Signed-off-by: Kees Cook <keesc...@chromium.org>
> > > ---
> > > This fix, if John is okay with it, is needed in v5.1 to correct the
> > > userspace regression reported by David.
> > > ---
> > > security/apparmor/lsm.c | 49 ++++++++++++++++++++++++++++++++++++++++-
> > > 1 file changed, 48 insertions(+), 1 deletion(-)
> >
> > This looks good to me. Thanks a lot! If this makes v5.1, I will leave
> > the apparmor-detection in dbus-broker as it is, unless someone asks me
> > to parse 0/1 as well?
> >
> > I cannot judge whether the apparmor_initialized check is correct, but
> > for the parameter parsing:
> >
> > Reviewed-by: David Rheinsberg <david.rheinsb...@gmail.com>
>
> Thanks!
>
> James, are you able to take this for v5.1 fixes?
Sure.
--
James Morris
<jmor...@namei.org>
