On 4/9/19 1:11 PM, James Morris wrote:
> On Tue, 9 Apr 2019, Kees Cook wrote:
>
>> On Mon, Apr 8, 2019 at 11:21 PM David Rheinsberg
>> <david.rheinsb...@gmail.com> wrote:
>>>
>>> Hi
>>>
>>> On Mon, Apr 8, 2019 at 6:07 PM Kees Cook <keesc...@chromium.org> wrote:
>>>>
>>>> Before commit c5459b829b71 ("LSM: Plumb visibility into optional "enabled"
>>>> state"), /sys/module/apparmor/parameters/enabled would show "Y" or "N"
>>>> since it was using the "bool" handler. After being changed to "int",
>>>> this switched to "1" or "0", breaking the userspace AppArmor detection
>>>> of dbus-broker. This restores the Y/N output while keeping the LSM
>>>> infrastructure happy.
>>>>
>>>> Before:
>>>> $ cat /sys/module/apparmor/parameters/enabled
>>>> 1
>>>>
>>>> After:
>>>> $ cat /sys/module/apparmor/parameters/enabled
>>>> Y
>>>>
>>>> Reported-by: David Rheinsberg <david.rheinsb...@gmail.com>
>>>> Link:
>>>> https://lkml.kernel.org/r/cadydso6k8vyb1eryt4g6+ehrlcvb68gabhvwuulkyjczcyn...@mail.gmail.com
>>>> Fixes: c5459b829b71 ("LSM: Plumb visibility into optional "enabled" state")
>>>> Signed-off-by: Kees Cook <keesc...@chromium.org>
>>>> ---
>>>> This fix, if John is okay with it, is needed in v5.1 to correct the
>>>> userspace regression reported by David.
>>>> ---
>>>>  security/apparmor/lsm.c | 49 ++++++++++++++++++++++++++++++++++++++++-
>>>>  1 file changed, 48 insertions(+), 1 deletion(-)
>>>
>>> This looks good to me. Thanks a lot! If this makes v5.1, I will leave
>>> the apparmor-detection in dbus-broker as it is, unless someone asks me
>>> to parse 0/1 as well?
>>>
>>> I cannot judge whether the apparmor_initialized check is correct, but
>>> for the parameter parsing:
>>>
>>> Reviewed-by: David Rheinsberg <david.rheinsb...@gmail.com>
>>
>> Thanks!
>>
>> James, are you able to take this for v5.1 fixes?
>
> Actually, JJ usually submits directly to Linus.
>
yeah, I can push this up
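
The regression discussed in this thread came from a userspace reader that accepted only one of the two kernel parameter output forms. The following is an added example, not part of the thread and not dbus-broker or kernel code: a tolerant reader that accepts both the "Y"/"N" and the "1"/"0" form and reports anything else as unknown rather than as disabled. The names `parse_enabled`, `read_enabled` and `enum lsm_state` are hypothetical, and the sample strings are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tri-state result so a caller never mistakes "could not tell" for "off". */
enum lsm_state { LSM_DISABLED = 0, LSM_ENABLED = 1, LSM_UNKNOWN = -1 };

/* Parse the contents of an "enabled" module parameter (hypothetical helper).
 * Accepts the bool-handler form ("Y"/"N") and the int-handler form ("1"/"0"),
 * each optionally followed by whitespace. Anything else is LSM_UNKNOWN. */
enum lsm_state parse_enabled(const char *buf, size_t len)
{
    while (len > 0 && isspace((unsigned char)buf[len - 1]))
        len--;                      /* drop the trailing newline */
    if (len != 1)
        return LSM_UNKNOWN;         /* empty, or more than one character */
    switch (buf[0]) {
    case 'Y': case 'y': case '1': return LSM_ENABLED;
    case 'N': case 'n': case '0': return LSM_DISABLED;
    default:                      return LSM_UNKNOWN;
    }
}

/* Read a parameter file and parse it; an unreadable file is LSM_UNKNOWN,
 * leaving the policy decision to the caller. */
enum lsm_state read_enabled(const char *path)
{
    char buf[16];
    size_t n;
    FILE *f = fopen(path, "r");

    if (!f)
        return LSM_UNKNOWN;
    n = fread(buf, 1, sizeof(buf), f);
    fclose(f);
    return parse_enabled(buf, n);
}

int main(void)
{
    /* Constructed samples: both kernel output forms plus malformed input. */
    const char *samples[] = { "Y\n", "1\n", "N\n", "0\n", "", "yes\n" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu -> %d\n", i,
               (int)parse_enabled(samples[i], strlen(samples[i])));
    return 0;
}
```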