- 29 Feb, 2016 27 commits
-
-
Andy Whitcroft authored
Initial updates to get past the annotation checks. CONFIG_BLK_DEV_DM=y CONFIG_BLK_DEV_RAM_SIZE=65536 CONFIG_FAT_FS=y CONFIG_LSM_MMAP_MIN_ADDR=0 CONFIG_NETLABEL=y CONFIG_SECURITY_SMACK=y CONFIG_VFAT_FS=y CONFIG_CRASH_DUMP=y CONFIG_ECRYPT_FS=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_CBC=y CONFIG_ENCRYPTED_KEYS=y CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_OF is not set Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
BugLink: http://bugs.launchpad.net/bugs/1488653Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 019499429e25c5845a9ff9019819dc91010374fd) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
When adding a module via an inclusion list, add any specific dependencies it lists. Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Andy Whitcroft authored
We are seeing requests for the OSS support to be reenabled, it seems that it is needed for old games. We do not want it loading by default so use the new blacklist support to suppress autoloading. This should bring us into line with other distros where manual loading is required. BugLink: http://bugs.launchpad.net/bugs/1434842Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1121699Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Ignore: yes Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
This reverts commit 2f3a4219e605b5ba4d83f3786abb9dac7148fae0. Seems like this causes symbol resolution problems. Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
upstream: No. This is a fix to an out of tree apparmor 3 patch BugLink: http://bugs.launchpad.net/bugs/1496430 Mount rules are not honoring the attach_disconnected flag, causing apparmor to deny mounts for lxc and docker even when the appropriate rule exists in the profile. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
Fix for out of tree AppArmor 3 patches. BugLink: http://bugs.launchpad.net/bugs/1408833 Fix 2 issues around the mediation of file base unix domain sockets. * Add auditing of deleted/shutdown file based unix domains sockets so that the denials can be correctly evalated. * fix the permission request mask so that it is correct for the deleted/shutdown socket case. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
the unix_addr_fs macro should not check for a leading /, instead it should be checking for the addr not being an abstract socket addr (leading \0) BugLink: http://bugs.launchpad.net/bugs/1390223Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
Revert the enforcement of only a single thread tasks using change_onexec. While this change prevents applications from using change_onexec in a potentially broken way (it can be done right but the application code using it needs to be carefully audited), it does restrict historically allowed behavior. Specifically this change is causes docker to fail, and needs to be reverted until it can be selectively applied with policy changes. BugLink: http://bugs.launchpad.net/bugs/1371310Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
This is a sync and squash to the apparmor 3 RC 1 development snapshot. The set of patches in this squash are available at the apparmor-3.RC1 tag in git://kernel.ubuntu.com/jj/ubuntu-utopic.git. This cleans up several functions over the alpha6 sync, and includes multiple bug fixes. In addition it picks up - new network mediation - fine grained mediation of all unix socket types BugLink: http://bugs.launchpad.net/bugs/1362199Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
John Johansen authored
BugLink: http://bugs.launchpad.net/bugs/1383886Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Andy Whitcroft authored
Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
- 26 Feb, 2016 13 commits
-
-
Tim Gardner authored
Depends on UBUNTU: SPL/ZFS: Add Makefiles in order to avoid the lengthy config Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1511006Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Ignore: yes Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1509881Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Lukas Wunner authored
Commit torvalds/linux@4246a0b63bd8f56a1469b12eafeb875b1041a451 ("block: add a bi_error field to struct bio") dropped the error argument from bio_endio in favor of newly introduced bio->bi_error. This also replaces bio->bi_flags value BIO_UPTODATE. bio_endio was a 3 argument function until Linux 2.6.24, which made it a 2 argument function, and now the prototype has changed yet again to a 1 argument function. Support for pre 2.6.24 kernels was already dropped with 37f9dac592bf ("zvol processing should use struct bio") which assumed the 2 argument version in zvol_request(). Remaining code to support the 3 argument version is hereby removed. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Lukas Wunner <lukas@wunner.de> Issue #3799
-
Brian Behlendorf authored
The misc_deregister() function was changed to a void return type. Rather than add compatibility code to detect this change simply ignore the return code on all kernels. It was only used to log an informational error message of no real value. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
-
Brian Behlendorf authored
The misc_deregister() function was changed to a void return type. Rather than add compatibility code to detect this change simply ignore the return code on all kernels. It was only used to log an informational error message of no real value. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1509881Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-