apparmor: add special .null file used to "close" fds at exec

Borrow the special null device file from selinux to "close" fds that don't have sufficient permissions at exec time. Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:45 -08:00
parent 34c426acb7
commit a71ada3058
3 changed files with 81 additions and 1 deletions
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,8 @@
 #ifndef __AA_APPARMORFS_H
 #define __AA_APPARMORFS_H

+extern struct path aa_null;
+
 enum aa_fs_type {
 	AA_FS_TYPE_BOOLEAN,
 	AA_FS_TYPE_STRING,