author | John Johansen <john.johansen@canonical.com> | 2022-09-06 06:47:36 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-10-04 00:49:04 +0300 |
commit | 1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590 (patch) | |
tree | 5cf7b9f785d46441d3c184a3097659eb7c2574ac /security/apparmor/policy_ns.c | |
parent | 217af7e2f4deb629aaa49622685ccfee923898ca (diff) | |
apparmor: rework profile->rules to be a list
Convert profile->rules to a list as the next step towards supporting
multiple rulesets in a profile. For this step only support a single
list entry item. The logic for iterating the list will come as a
separate step.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_ns.c')
-rw-r--r-- | security/apparmor/policy_ns.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index cb10994cd3b6..121aa79bccaa 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -83,6 +83,7 @@ const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns)
 static struct aa_profile *alloc_unconfined(const char *name)
 {
 struct aa_profile *profile;
+ struct aa_ruleset *rules;
 profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
 if (!profile)
@@ -91,8 +92,9 @@ static struct aa_profile *alloc_unconfined(const char *name)
 profile->label.flags |= FLAG_IX_ON_NAME_ERROR | FLAG_IMMUTIBLE | FLAG_NS_COUNT | FLAG_UNCONFINED;
 profile->mode = APPARMOR_UNCONFINED;
- profile->rules.file.dfa = aa_get_dfa(nulldfa);
- profile->rules.policy.dfa = aa_get_dfa(nulldfa);
+ rules = list_first_entry(&profile->rules, typeof(*rules), list);
+ rules->file.dfa = aa_get_dfa(nulldfa);
+ rules->policy.dfa = aa_get_dfa(nulldfa);
 return profile;
 } |
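Review bot: `list_first_entry()` in the second hunk never returns NULL, so if `profile->rules` were empty at this point, `rules` would be a pointer computed from the list head embedded in `profile`, and the two `aa_get_dfa(nulldfa)` stores would land on unrelated memory around that head. The code is correct only if `aa_alloc_profile()` has already linked one ruleset into the list, which presumably happens in the part of this commit outside policy_ns.c and cannot be confirmed from this file. Because this function builds the unconfined profile, I would state the invariant at the use site, e.g. `/* aa_alloc_profile() links the single ruleset; the list is never empty here */`, or use `list_first_entry_or_null()` and fail the allocation when it returns NULL. The function starts in the previous hunk, and its `if (!profile)` early-exit body lies between the two hunks.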