author | 2025-02-16 03:40:52 -0800 | |
---|---|---|
committer | 2025-05-25 20:15:01 -0700 | |
commit | b1f87be7280ff48794f0fe55c9ca6df9d87d62c5 (patch) | |
tree | b04fe5642eb17b1cc519a90c4c96cbc6e0d57718 | |
parent | apparmor: make debug_values_table static (diff) | |
apparmor: Document that label must be last member in struct aa_profile
The label struct is variable length. While its use in struct aa_profile
is fixed length at 2 entries the variable length member needs to be
the last member in the structure.
The code already does this but the comment has it in the wrong location.
Also add a comment to ensure it stays at the end of the structure.
While we are at it, update the documentation for other profile members
as well.
Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r-- | security/apparmor/include/policy.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index a6ddf3b7478e..a4c0f76fd03d 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -198,7 +198,6 @@ struct aa_attachment {
 /* struct aa_profile - basic confinement data
 * @base - base components of the profile (name, refcount, lists, lock ...)
- * @label - label this profile is an extension of
 * @parent: parent of profile
 * @ns: namespace the profile is in
 * @rename: optional profile name that this profile renamed
@@ -206,13 +205,19 @@ struct aa_attachment {
 * @audit: the auditing mode of the profile
 * @mode: the enforcement mode of the profile
 * @path_flags: flags controlling path generation behavior
+ * @signal: the signal that should be used when kill is used
 * @disconnected: what to prepend if attach_disconnected is specified
 * @attach: attachment rules for the profile
 * @rules: rules to be enforced
 *
+ * learning_cache: the accesses learned in complain mode
+ * raw_data: rawdata of the loaded profile policy
+ * hash: cryptographic hash of the profile
 * @dents: dentries for the profiles file entries in apparmorfs
 * @dirname: name of the profile dir in apparmorfs
+ * @dents: set of dentries associated with the profile
 * @data: hashtable for free-form policy aa_data
+ * @label - label this profile is an extension of
 *
 * The AppArmor profile contains the basic confinement data. Each profile
 * has a name, and exists in a namespace. The @name and @exec_match are
@@ -247,6 +252,8 @@ struct aa_profile {
 char *dirname;
 struct dentry *dents[AAFS_PROF_SIZEOF];
 struct rhashtable *data;
+
+ /* special - variable length must be last entry in profile */
 struct aa_label label;
 };
|
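Review bot: The added line `* @dents: set of dentries associated with the profile` in the second hunk repeats the `@dents:` entry that already sits two lines above it, so the same member ends up documented twice with different wording; drop one of the two. The new `learning_cache:`, `raw_data:` and `hash:` entries are also missing the `@` that every other member line in this comment carries, e.g. `* @hash: cryptographic hash of the profile`. The struct body is mostly outside the hunk, so it is worth checking that each documented name matches the field spelling exactly. The comment block itself starts and ends outside this hunk.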
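Review bot: The new comment above `struct aa_label label;` in the last hunk is the only guard on the ordering; nothing fails the build if a later patch appends a field after `label`. Per the commit message the label is variable length, so a field placed behind it would presumably overlap the label's trailing entries, which is a memory-safety problem in policy data. Consider backing the comment with a compile-time check after the struct, something like `static_assert(offsetof(struct aa_profile, label) + sizeof(struct aa_label) == sizeof(struct aa_profile), "label must be last");`, relaxed if the struct can have tail padding. The definition of struct aa_profile begins outside the hunk and struct aa_label is not shown here.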