aboutsummaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2011-06-25 16:57:07 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2011-08-04 21:58:42 -0700
commit06b943855b6dbcc8cb3cdca954c19711ce7b76b6 (patch)
treeae04be0c7f6a25212609181bc478347297b85b4c /security/apparmor
parent0635a74b4ab037ed0c6d628d9cc737b949a15731 (diff)
downloadkernel_samsung_smdk4412-06b943855b6dbcc8cb3cdca954c19711ce7b76b6.zip
kernel_samsung_smdk4412-06b943855b6dbcc8cb3cdca954c19711ce7b76b6.tar.gz
kernel_samsung_smdk4412-06b943855b6dbcc8cb3cdca954c19711ce7b76b6.tar.bz2
AppArmor: Fix masking of capabilities in complain mode
commit 25e75dff519bcce2cb35023105e7df51d7b9e691 upstream. AppArmor is masking the capabilities returned by capget against the capabilities mask in the profile. This is wrong, in complain mode the profile has effectively all capabilities, as the profile restrictions are not being enforced, merely tested against to determine if an access is known by the profile. This can result in the wrong behavior of security conscience applications like sshd which examine their capability set, and change their behavior accordingly. In this case because of the masked capability set being returned sshd fails due to DAC checks, even when the profile is in complain mode. Kernels affected: 2.6.36 - 3.0. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/lsm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3d2fd14..3783202 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -127,7 +127,7 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
*inheritable = cred->cap_inheritable;
*permitted = cred->cap_permitted;
- if (!unconfined(profile)) {
+ if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
*effective = cap_intersect(*effective, profile->caps.allow);
*permitted = cap_intersect(*permitted, profile->caps.allow);
}