summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-01-16 00:43:11 -0800
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 01:18:53 -0800
commitca4bd5ae0ae4b7afffbd807d923ea76934512a82 (patch)
tree61bae584086d55011d3ae9a49bfaf6074b05eba4 /security
parentd4669f0b036efd67ec2e00e0adc8f42214c1bdf8 (diff)
downloadlinux-ca4bd5ae0ae4b7afffbd807d923ea76934512a82.tar.gz
linux-ca4bd5ae0ae4b7afffbd807d923ea76934512a82.tar.bz2
linux-ca4bd5ae0ae4b7afffbd807d923ea76934512a82.zip
apparmor: add check for apparmor enabled in module parameters missing it
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/lsm.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c249ea0e6328..fc82ac0247dc 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -750,6 +750,8 @@ static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
{
if (!policy_view_capable(NULL))
return -EPERM;
+ if (!apparmor_enabled)
+ return -EINVAL;
return param_get_bool(buffer, kp);
}
@@ -757,6 +759,8 @@ static int param_set_aabool(const char *val, const struct kernel_param *kp)
{
if (!policy_admin_capable(NULL))
return -EPERM;
+ if (!apparmor_enabled)
+ return -EINVAL;
return param_set_bool(val, kp);
}
@@ -764,6 +768,8 @@ static int param_get_aabool(char *buffer, const struct kernel_param *kp)
{
if (!policy_view_capable(NULL))
return -EPERM;
+ if (!apparmor_enabled)
+ return -EINVAL;
return param_get_bool(buffer, kp);
}
@@ -771,6 +777,8 @@ static int param_set_aauint(const char *val, const struct kernel_param *kp)
{
if (!policy_admin_capable(NULL))
return -EPERM;
+ if (!apparmor_enabled)
+ return -EINVAL;
return param_set_uint(val, kp);
}
@@ -778,6 +786,8 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp)
{
if (!policy_view_capable(NULL))
return -EPERM;
+ if (!apparmor_enabled)
+ return -EINVAL;
return param_get_uint(buffer, kp);
}