apparmor: move to per loaddata files, instead of replicating in profiles

The loaddata sets cover more than just a single profile and should be tracked at the ns level. Move the load data files under the namespace and reference the files from the profiles via a symlink. Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
author: John Johansen <john.johansen@canonical.com> 2017-05-09 00:08:41 -0700
committer: John Johansen <john.johansen@canonical.com> 2017-06-08 12:51:49 -0700
commit: 5d5182cae40115c03933989473288e54afb39c7c (patch)
tree: ad17fd4482d130039eb61b62e9c32ef3fa283d04 /security/apparmor/include/policy_ns.h
parent: 6623ec7c4dbe18a5a2878e2d888be70d08a91826 (diff)
download: linux-5d5182cae40115c03933989473288e54afb39c7c.tar.gz
linux-5d5182cae40115c03933989473288e54afb39c7c.tar.bz2
linux-5d5182cae40115c03933989473288e54afb39c7c.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h
index 89cffddd7e75..d7a07ac96168 100644
--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -68,6 +68,9 @@ struct aa_ns {
 	atomic_t uniq_null;
 	long uniq_id;
 	int level;
+	long revision;
+
+	struct list_head rawdata_list;
 
 	struct dentry *dents[AAFS_NS_SIZEOF];
 };
author	John Johansen <john.johansen@canonical.com>	2017-05-09 00:08:41 -0700
committer	John Johansen <john.johansen@canonical.com>	2017-06-08 12:51:49 -0700
commit	5d5182cae40115c03933989473288e54afb39c7c (patch)
tree	ad17fd4482d130039eb61b62e9c32ef3fa283d04 /security/apparmor/include/policy_ns.h
parent	6623ec7c4dbe18a5a2878e2d888be70d08a91826 (diff)
download	linux-5d5182cae40115c03933989473288e54afb39c7c.tar.gz linux-5d5182cae40115c03933989473288e54afb39c7c.tar.bz2 linux-5d5182cae40115c03933989473288e54afb39c7c.zip