parser: emit file pdb with permsv=3 and accept2 |= ACCEPT_FLAG_OWNER

When permindex is in effect, set the ACCEPT_FLAG_OWNER (aka 1) bit in the accept2 table. The kernel will load the perms table, notice the absence of the accept2 table and then ignore the owner-vs-non-owner distinction when looking up file permissions.

This has the consequence of granting owner permissions, which are at an even state index, to each access, owner and non-owner alike.

The kernel side of the problem (apparmor: synthesize ACCEPT_FLAG_OWNER bits in file pdb) was posted to the AppArmor mailing list.

Separately emit permsv2=3 after the perms structure (with the perms array) alongside a non-empty perms table. This allows the kernel to load the u32 accept2 table and correctly discover and use the owner bit.

Fixes: #570

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
