diff options
| author | Ben Hutchings <benh@debian.org> | 2012-06-27 02:55:55 +0000 |
|---|---|---|
| committer | Ben Hutchings <benh@debian.org> | 2012-06-27 02:55:55 +0000 |
| commit | d9047a7642e624060825a879ec037b8c4240e8f2 (patch) | |
| tree | 901626dc9a752825c02ec4602953b27a71e23d44 | |
| parent | d18107b6ac57cf0c2d089cc8f9f2b1f6f7c9a08e (diff) | |
| download | kernel_replicant_linux-d9047a7642e624060825a879ec037b8c4240e8f2.tar.gz kernel_replicant_linux-d9047a7642e624060825a879ec037b8c4240e8f2.tar.bz2 kernel_replicant_linux-d9047a7642e624060825a879ec037b8c4240e8f2.zip | |
apparmor: remove advertising the support of network rules from compat iface (Closes: #676515)
svn path=/dists/sid/linux/; revision=19220
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch | 32 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 35 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 22ce7b27989e..c3059d73d6d1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ linux (3.2.21-3) UNRELEASED; urgency=low * driver core: remove __must_check from device_create_file (fixes FTBFS on sparc) * i2400m: Disable I2400M_SDIO; hardware did not reach production + * apparmor: remove advertising the support of network rules from + compat iface (Closes: #676515) -- Ben Hutchings <ben@decadent.org.uk> Wed, 27 Jun 2012 02:56:49 +0100 diff --git a/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch b/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch new file mode 100644 index 000000000000..b60242afea99 --- /dev/null +++ b/debian/patches/bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch @@ -0,0 +1,32 @@ +From 873143ceca69a2e54e7face1be49ad6b5514525d Mon Sep 17 00:00:00 2001 +From: John Johansen <john.johansen@canonical.com> +Date: Tue, 26 Jun 2012 02:12:10 -0700 +Subject: [PATCH 1/4] apparmor: remove advertising the support of network + rules from compat iface + +The interface compatibility patch was advertising support of network rules, +however this is not true if the networking patch is not applied. Move +advertising of network rules into a third patch that can be applied if +both the compatibility and network patches are applied. + +Signed-off-by: John Johansen <john.johansen@canonical.com> +--- + security/apparmor/apparmorfs-24.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c +index dc8c744..367c7ea 100644 +--- a/security/apparmor/apparmorfs-24.c ++++ b/security/apparmor/apparmorfs-24.c +@@ -49,7 +49,7 @@ const struct file_operations aa_fs_matching_fops = { + static ssize_t aa_features_read(struct file *file, char __user *buf, + size_t size, loff_t *ppos) + { +- const char features[] = "file=3.1 capability=2.0 network=1.0 " ++ const char features[] = "file=3.1 capability=2.0 " + "change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1"; + + return simple_read_from_buffer(buf, size, ppos, features, +-- +1.7.9.5 + diff --git a/debian/patches/series b/debian/patches/series index d3889f1327ad..ff8d446fe98c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -289,6 +289,7 @@ features/all/codel/0007-fq_codel-should-use-qdisc-backlog-as-threshold.patch # AppArmor userland compatibility. This had better be gone in wheezy+1! features/all/AppArmor-compatibility-patch-for-v5-interface.patch +bugfix/all/apparmor-remove-advertising-the-support-of-network-r.patch bugfix/x86/mm-pmd_read_atomic-fix-32bit-pae-pmd-walk-vs-pmd_populate-smp-race.patch bugfix/x86/thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-pae.patch |