Tags

Tags give the ability to mark specific points in history as being important
  • apparmor-pr-2024-11-27

    * Features
      - extend next/check table to add support for 2^24 states to the
        state machine.
      - rework capability audit cache to use broader cred information
        instead of just the profile. Also add a time stamp so old
        entries can be aged out of the cache.
    
    * Bug Fixes
      - fix 'Do simple duplicate message elimination' to clear previous
        state when updating in capability audit cache
      - Fix memory leak for aa_unpack_strdup()
      - properly handle cx/px lookup failure when in complain mode
      - allocate xmatch for nullpdb inside aa_alloc_null fixing a
        NULL ptr deref of tracking profiles when in complain mode
    
    * Cleanups
      - Remove everything being reported as deadcode
      - replace misleading 'scrubbing environment' phrase in debug print
      - Remove unnecessary NULL check before kvfree()
      - clean up duplicated parts of handle_onexec()
      - Use IS_ERR_OR_NULL() helper function
      - move new_profile declaration to top of block instead of immediately
        after label to remove C23 extension warning
    
    * Documentation
      - add comment to document capability.c:profile_capable ad ptr
        parameter can not be NULL
      - add comment to document first entry in packed perms struct is
        reserved for future planned expansion.
      - Update LSM/apparmor.rst add blurb for
        CONFIG_DEFAULT_SECURITY_APPARMOR