apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled
Currently if sha1 hashing of policy is disabled a sha1 hash symlink to the non-existent file is created. There is now reason to create the symlink in this case so don't do it. Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
Родитель
5bfcbd22ee
Коммит
482e8050aa
|
|
@ -1736,6 +1736,7 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
|
||||||
|
|
||||||
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
|
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
|
||||||
if (profile->rawdata) {
|
if (profile->rawdata) {
|
||||||
|
if (aa_g_hash_policy) {
|
||||||
dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir,
|
dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir,
|
||||||
profile->label.proxy, NULL, NULL,
|
profile->label.proxy, NULL, NULL,
|
||||||
&rawdata_link_sha1_iops);
|
&rawdata_link_sha1_iops);
|
||||||
|
|
@ -1743,7 +1744,7 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
|
||||||
goto fail;
|
goto fail;
|
||||||
aa_get_proxy(profile->label.proxy);
|
aa_get_proxy(profile->label.proxy);
|
||||||
profile->dents[AAFS_PROF_RAW_HASH] = dent;
|
profile->dents[AAFS_PROF_RAW_HASH] = dent;
|
||||||
|
}
|
||||||
dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
|
dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
|
||||||
profile->label.proxy, NULL, NULL,
|
profile->label.proxy, NULL, NULL,
|
||||||
&rawdata_link_abi_iops);
|
&rawdata_link_abi_iops);
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче