From d9047a7642e624060825a879ec037b8c4240e8f2 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Wed, 27 Jun 2012 02:55:55 +0000
Subject: [PATCH] apparmor: remove advertising the support of network rules from compat iface (Closes: #676515)

svn path=/dists/sid/linux/; revision=19220
---
 debian/changelog | 2 ++
 ...advertising-the-support-of-network-r.patch | 32 +++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 35 insertions(+)
 create mode 100644 debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch

diff --git a/debian/changelog b/debian/changelog
index 22ce7b279..c3059d73d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ linux (3.2.21-3) UNRELEASED; urgency=low
 * driver core: remove __must_check from device_create_file
 (fixes FTBFS on sparc)
 * i2400m: Disable I2400M_SDIO; hardware did not reach production
+ * apparmor: remove advertising the support of network rules from
+ compat iface (Closes: #676515)
 -- Ben Hutchings Wed, 27 Jun 2012 02:56:49 +0100
diff --git a/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch b/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
new file mode 100644
index 000000000..b60242afe
--- /dev/null
+++ b/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
@@ -0,0 +1,32 @@
+From 873143ceca69a2e54e7face1be49ad6b5514525d Mon Sep 17 00:00:00 2001
+From: John Johansen
+Date: Tue, 26 Jun 2012 02:12:10 -0700
+Subject: [PATCH 1/4] apparmor: remove advertising the support of network
+ rules from compat iface
+
+The interface compatibility patch was advertising support of network rules,
+however this is not true if the networking patch is not applied. Move
+advertising of network rules into a third patch that can be applied if
+both the compatibility and network patches are applied.
+
+Signed-off-by: John Johansen
+---
+ security/apparmor/apparmorfs-24.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c
+index dc8c744..367c7ea 100644
+--- a/security/apparmor/apparmorfs-24.c
++++ b/security/apparmor/apparmorfs-24.c
+@@ -49,7 +49,7 @@ const struct file_operations aa_fs_matching_fops = {
+ static ssize_t aa_features_read(struct file *file, char __user *buf,
+ size_t size, loff_t *ppos)
+ {
+- const char features[] = "file=3.1 capability=2.0 network=1.0 "
++ const char features[] = "file=3.1 capability=2.0 "
+ "change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1";
+
+ return simple_read_from_buffer(buf, size, ppos, features,
+-- 
+1.7.9.5
+
diff --git a/debian/patches/series b/debian/patches/series
index d3889f132..ff8d446fe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -289,6 +289,7 @@ features/all/codel/0007-fq_codel-should-use-qdisc-backlog-as-threshold.patch
 # AppArmor userland compatibility. This had better be gone in wheezy+1!
 features/all/AppArmor-compatibility-patch-for-v5-interface.patch
+bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch
 bugfix/x86/mm-pmd_read_atomic-fix-32bit-pae-pmd-walk-vs-pmd_populate-smp-race.patch
 bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch
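Review bot: The `features[]` literal in `aa_features_read()` (the embedded hunk on `security/apparmor/apparmorfs-24.c`) is what tells userspace which mediation classes this kernel enforces, yet nothing beside it documents that contract, so a later edit can again advertise a class that is not built in, which is the defect this patch corrects for `network=1.0`. I would add a comment above the declaration such as `/* Advertise only mediation classes this kernel actually enforces; userspace relies on this list when compiling policy. */`. With `network` no longer advertised, profiles that carry network rules are presumably loaded without network mediation on this kernel, and the changelog entry would be the place to say so, so that administrators do not assume those rules are enforced. The function body runs past the end of the hunk (the `simple_read_from_buffer` call is cut off), so its remaining arguments are not covered by this note.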