From d9bf2c268be6064ae0c9980e4c37fdd262c7effc Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Fri, 26 May 2017 16:27:58 -0700
Subject: apparmor: add policy revision file interface

Add a policy revision file to find the current revision of a ns's policy. There is a revision file per ns, as well as a virtualized global revision file in the base apparmor fs directory. The global revision file when opened will provide the revision of the opening task namespace. The revision file can be waited on via select/poll to detect apparmor policy changes from the last read revision of the opened file. This means that the revision file must be read after the select/poll other wise update data will remain ready for reading.

Signed-off-by: John Johansen
---
security/apparmor/policy_ns.c | 1 +
1 file changed, 1 insertion(+)
(limited to 'security/apparmor/policy_ns.c')
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index 7d7c23705be2..f3418a9e59b1 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -101,6 +101,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name)
 INIT_LIST_HEAD(&ns->sub_ns);
 INIT_LIST_HEAD(&ns->rawdata_list);
 mutex_init(&ns->lock);
+ init_waitqueue_head(&ns->wait);
 
 /* released by aa_free_ns() */
 ns->unconfined = aa_alloc_profile("unconfined", GFP_KERNEL);
--
cgit v1.2.3
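Review bot: The new `init_waitqueue_head(&ns->wait);` in alloc_ns() has no comment saying what sleeps on this queue or what wakes it. Going by the commit message it backs select/poll on the namespace's revision file, so a line such as `/* pollers of the ns revision file wait here; woken when the policy revision changes */` above the call would help the next reader. The wake-up side is not visible in this file section, so it is worth confirming that every path that bumps the namespace revision also wakes this queue; a missed wake-up would leave a policy monitor blocked on a stale revision. alloc_ns() starts and ends outside the hunk.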