[v1] linux-next: manual merge of the apparmor tree with the security tree

linux-next: manual merge of the apparmor tree with the security tree

Posted by Stephen Rothwell 3 years, 4 months ago

Hi all,

Today's linux-next merge of the apparmor tree got a conflict in:

  security/apparmor/domain.c

between commit:

  f6fbd8cbf3ed ("lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths")

from the security tree and commit:

  217af7e2f4de ("apparmor: refactor profile rules and attachments")

from the apparmor tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/apparmor/domain.c
index 00dc0ec066de,b447bc13ea8e..000000000000
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@@ -308,14 -296,16 +296,15 @@@ static int change_profile_perms(struct 
   * Returns: number of extended attributes that matched, or < 0 on error
   */
  static int aa_xattrs_match(const struct linux_binprm *bprm,
- 			   struct aa_profile *profile, unsigned int state)
+ 			   struct aa_profile *profile, aa_state_t state)
  {
  	int i;
 -	ssize_t size;
  	struct dentry *d;
  	char *value = NULL;
- 	int size, value_size = 0, ret = profile->xattr_count;
+ 	struct aa_attachment *attach = &profile->attach;
 -	int value_size = 0, ret = attach->xattr_count;
++	int size, value_size = 0, ret = attach->xattr_count;
  
- 	if (!bprm || !profile->xattr_count)
+ 	if (!bprm || !attach->xattr_count)
  		return 0;
  	might_sleep();

Re: linux-next: manual merge of the apparmor tree with the security tree

Posted by Paul Moore 3 years, 4 months ago

On Sun, Nov 20, 2022 at 10:27 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the apparmor tree got a conflict in:
>
>   security/apparmor/domain.c
>
> between commit:
>
>   f6fbd8cbf3ed ("lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths")
>
> from the security tree and commit:
>
>   217af7e2f4de ("apparmor: refactor profile rules and attachments")
>
> from the apparmor tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc security/apparmor/domain.c
> index 00dc0ec066de,b447bc13ea8e..000000000000
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@@ -308,14 -296,16 +296,15 @@@ static int change_profile_perms(struct
>    * Returns: number of extended attributes that matched, or < 0 on error
>    */
>   static int aa_xattrs_match(const struct linux_binprm *bprm,
> -                          struct aa_profile *profile, unsigned int state)
> +                          struct aa_profile *profile, aa_state_t state)
>   {
>         int i;
>  -      ssize_t size;
>         struct dentry *d;
>         char *value = NULL;
> -       int size, value_size = 0, ret = profile->xattr_count;
> +       struct aa_attachment *attach = &profile->attach;
>  -      int value_size = 0, ret = attach->xattr_count;
> ++      int size, value_size = 0, ret = attach->xattr_count;
>
> -       if (!bprm || !profile->xattr_count)
> +       if (!bprm || !attach->xattr_count)
>                 return 0;
>         might_sleep();

John's the AppArmor expert, but this looks okay to me.  As a reminder,
the lsm/next commit only changes the type of @size from a ssize_t to
an int type.

-- 
paul-moore.com