<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/next/linux-next.git/security/apparmor/domain.c, branch stable</title>
<subtitle>The linux-next integration testing tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/atom?h=stable</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/atom?h=stable'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/'/>
<updated>2026-06-14T03:20:13+00:00</updated>
<entry>
<title>security: apparmor: fix two spelling mistakes</title>
<updated>2026-06-14T03:20:13+00:00</updated>
<author>
<name>Qingshuang Fu</name>
<email>fuqingshuang@kylinos.cn</email>
</author>
<published>2026-05-26T01:38:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=3e4ca50ee4d88642afa38815775e1ffa90e8dd0b'/>
<id>urn:sha1:3e4ca50ee4d88642afa38815775e1ffa90e8dd0b</id>
<content type='text'>
Fix two spelling errors in comment:
- interated  →  interacted
- dont      →  don't

Signed-off-by: Qingshuang Fu &lt;fuqingshuang@kylinos.cn&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: change fn_label_build() call to not return NULL</title>
<updated>2026-06-14T03:14:07+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2026-02-17T15:54:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ed7cc1c6f240a0c2838c0617afb2b0466edd236f'/>
<id>urn:sha1:ed7cc1c6f240a0c2838c0617afb2b0466edd236f</id>
<content type='text'>
Previously fn_label_build() was accepting a NULL which represented
ENOMEM return and ERR_PTR for errors.

Clean this up by requiring the cb fn to return an ERR_PTR or valid
value.

Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: grab ns lock and refresh when looking up changehat child profiles</title>
<updated>2026-06-14T03:14:07+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2026-02-13T19:29:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=32e92764d6f8d251c1bca62be33793287b453a81'/>
<id>urn:sha1:32e92764d6f8d251c1bca62be33793287b453a81</id>
<content type='text'>
There was a race condition involving change_hat and profile replacement in
which replacement of the parent profile during a changehat operation could
result in the list of children becoming empty and the changehat operation
failing. To prevent this:
 - grab the namespace lock until we've built the hat transition, and
 - use aa_get_newest_profile to avoid using stale profile objects.

Link: https://bugs.launchpad.net/bugs/2139664
Fixes: 89dbf1962aa63 ("apparmor: move change_hat mediation to using labels")
Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: check label build before no_new_privs test</title>
<updated>2026-06-14T03:14:06+00:00</updated>
<author>
<name>Ruoyu Wang</name>
<email>ruoyuw560@gmail.com</email>
</author>
<published>2026-06-08T06:36:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a58cafd38b46fb1a2220e2fbbcfe291ea75fa147'/>
<id>urn:sha1:a58cafd38b46fb1a2220e2fbbcfe291ea75fa147</id>
<content type='text'>
aa_change_profile() builds a replacement label with
fn_label_build_in_scope() before the no_new_privs subset check. The build
helper can fail and return NULL or an ERR_PTR, but the result was passed
to aa_label_is_unconfined_subset() before the existing IS_ERR_OR_NULL()
check.

Reuse the existing target-label build failure handling immediately after
the build. This preserves the current audit handling while preventing the
subset helper from dereferencing an invalid label.

Fixes: e00b02bb6ac2a ("apparmor: move change_profile mediation to using labels")
Signed-off-by: Ruoyu Wang &lt;ruoyuw560@gmail.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: split xxx_in_ns into its two separate semantic use cases</title>
<updated>2026-01-29T09:27:55+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-12-25T09:21:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=796c146fa6c8289afc9e18004c21bfe05c75a487'/>
<id>urn:sha1:796c146fa6c8289afc9e18004c21bfe05c75a487</id>
<content type='text'>
This patch doesn't change current functionality, it switches the two
uses of the in_ns fns and macros into the two semantically different
cases they are used for.

xxx_in_scope for checking mediation interaction between profiles
xxx_in_view to determine which profiles are visible.The scope will
always be a subset of the view as profiles that can not see each
other can not interact.

The split can not be completely done for label_match because it has to
distinct uses matching permission against label in scope, and checking
if a transition to a profile is allowed. The transition to a profile
can include profiles that are in view but not in scope, so retain this
distinction as a parameter.

While at the moment the two uses are very similar, in the future there
will be additional differences. So make sure the semantics differences
are present in the code.

Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: make str table more generic and be able to have multiple entries</title>
<updated>2026-01-22T12:56:39+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-08-01T09:21:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=c140dcd1246bfe705921ca881bbb247ff1ba2bca'/>
<id>urn:sha1:c140dcd1246bfe705921ca881bbb247ff1ba2bca</id>
<content type='text'>
The strtable is currently limited to a single entry string on unpack
even though domain has the concept of multiple entries within it. Make
this a reality as it will be used for tags and more advanced domain
transitions.

Reviewed-by: Georgia Garcia &lt;georgia.garcia@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: transition from a list of rules to a vector of rules</title>
<updated>2025-07-20T09:31:06+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2025-02-17T09:46:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=9afdc6abb007d5a86f54e9f10870ac1468155ca5'/>
<id>urn:sha1:9afdc6abb007d5a86f54e9f10870ac1468155ca5</id>
<content type='text'>
The set of rules on a profile is not dynamically extended, instead
if a new ruleset is needed a new version of the profile is created.
This allows us to use a vector of rules instead of a list, slightly
reducing memory usage and simplifying the code.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: remove redundant perms.allow MAY_EXEC bitflag set</title>
<updated>2025-07-20T09:19:28+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-06-23T21:58:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ce7d3cf5ad846a8843f8afc78de2a8309f74f12'/>
<id>urn:sha1:4ce7d3cf5ad846a8843f8afc78de2a8309f74f12</id>
<content type='text'>
This section of profile_transition that occurs after x_to_label only
happens if perms.allow already has the MAY_EXEC bit set, so we don't need
to set it again.

Fixes: 16916b17b4f8 ("apparmor: force auditing of conflicting attachment execs from confined")
Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: force auditing of conflicting attachment execs from confined</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=16916b17b4f80f99aad2ad29ad112313539ad219'/>
<id>urn:sha1:16916b17b4f80f99aad2ad29ad112313539ad219</id>
<content type='text'>
Conflicting attachment paths are an error state that result in the
binary in question executing under an unexpected ix/ux fallback. As such,
it should be audited to record the occurrence of conflicting attachments.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
<entry>
<title>apparmor: include conflicting attachment info for confined ix/ux fallback</title>
<updated>2025-05-26T03:15:01+00:00</updated>
<author>
<name>Ryan Lee</name>
<email>ryan.lee@canonical.com</email>
</author>
<published>2025-05-02T00:55:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b824b5f82bbc8ace0982391a1718b04a1f93346e'/>
<id>urn:sha1:b824b5f82bbc8ace0982391a1718b04a1f93346e</id>
<content type='text'>
Instead of silently overwriting the conflicting profile attachment string,
include that information in the ix/ux fallback string that gets set as info
instead. Also add a warning print if some other info is set that would be
overwritten by the ix/ux fallback string or by the profile not found error.

Signed-off-by: Ryan Lee &lt;ryan.lee@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
</entry>
</feed>
