apparmor: remove advertising the support of network rules from compat iface (Closes: #676515)
svn path=/dists/sid/linux/; revision=19220
This commit is contained in:
Ben Hutchings
parent
d18107b6ac
commit
d9047a7642
|
|
@ -3,6 +3,8 @@ linux (3.2.21-3) UNRELEASED; urgency=low
|
|||
* driver core: remove __must_check from device_create_file
|
||||
(fixes FTBFS on sparc)
|
||||
* i2400m: Disable I2400M_SDIO; hardware did not reach production
|
||||
* apparmor: remove advertising the support of network rules from
|
||||
compat iface (Closes: #676515)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Wed, 27 Jun 2012 02:56:49 +0100
|
||||
|
||||
|
|
|
|||
32
debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
vendored
Normal file
32
debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
vendored
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
From 873143ceca69a2e54e7face1be49ad6b5514525d Mon Sep 17 00:00:00 2001
|
||||
From: John Johansen <john.johansen@canonical.com>
|
||||
Date: Tue, 26 Jun 2012 02:12:10 -0700
|
||||
Subject: [PATCH 1/4] apparmor: remove advertising the support of network
|
||||
rules from compat iface
|
||||
|
||||
The interface compatibility patch was advertising support of network rules,
|
||||
however this is not true if the networking patch is not applied. Move
|
||||
advertising of network rules into a third patch that can be applied if
|
||||
both the compatibility and network patches are applied.
|
||||
|
||||
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||||
---
|
||||
security/apparmor/apparmorfs-24.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c
|
||||
index dc8c744..367c7ea 100644
|
||||
--- a/security/apparmor/apparmorfs-24.c
|
||||
+++ b/security/apparmor/apparmorfs-24.c
|
||||
@@ -49,7 +49,7 @@ const struct file_operations aa_fs_matching_fops = {
|
||||
static ssize_t aa_features_read(struct file *file, char __user *buf,
|
||||
size_t size, loff_t *ppos)
|
||||
{
|
||||
- const char features[] = "file=3.1 capability=2.0 network=1.0 "
|
||||
+ const char features[] = "file=3.1 capability=2.0 "
|
||||
"change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1";
|
||||
|
||||
return simple_read_from_buffer(buf, size, ppos, features,
|
||||
--
|
||||
1.7.9.5
|
||||
|
||||
|
|
@ -289,6 +289,7 @@ features/all/codel/0007-fq_codel-should-use-qdisc-backlog-as-threshold.patch
|
|||
|
||||
# AppArmor userland compatibility. This had better be gone in wheezy+1!
|
||||
features/all/AppArmor-compatibility-patch-for-v5-interface.patch
|
||||
bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
|
||||
|
||||
bugfix/x86/mm-pmd_read_atomic-fix-32bit-pae-pmd-walk-vs-pmd_populate-smp-race.patch
|
||||
bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch
|
||||
|
|
|
|||
Loading…
Reference in New Issue