apparmor: expose compression level limits in sysfs
authorJon Tourville <jon.tourville@canonical.com>
Mon, 11 Jul 2022 16:36:09 +0000 (11:36 -0500)
committerJohn Johansen <john.johansen@canonical.com>
Mon, 3 Oct 2022 21:49:02 +0000 (14:49 -0700)
Create two new files in apparmor's sysfs:

/sys/kernel/security/apparmor/raw_data_compression_level_min
/sys/kernel/security/apparmor/raw_data_compression_level_max

These correspond to the minimum and maximum zstd compression levels
that can be assigned to the apparmor module parameter
raw_data_compression_level.

Signed-off-by: Jon Tourville <jon.tourville@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/apparmorfs.c

index d98bbf2..044affb 100644 (file)
@@ -1199,10 +1199,24 @@ static int seq_ns_name_show(struct seq_file *seq, void *v)
        return 0;
 }
 
+static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
+{
+       seq_printf(seq, "%d\n", zstd_min_clevel());
+       return 0;
+}
+
+static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
+{
+       seq_printf(seq, "%d\n", zstd_max_clevel());
+       return 0;
+}
+
 SEQ_NS_FOPS(stacked);
 SEQ_NS_FOPS(nsstacked);
 SEQ_NS_FOPS(level);
 SEQ_NS_FOPS(name);
+SEQ_NS_FOPS(compress_min);
+SEQ_NS_FOPS(compress_max);
 
 
 /* policy/raw_data/ * file ops */
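Review bot: The new `seq_ns_compress_min_show()` and `seq_ns_compress_max_show()` take the `seq_ns_` prefix and are wired through `SEQ_NS_FOPS`, but nothing in their bodies reads the caller's namespace or label. They print the global values returned by `zstd_min_clevel()` and `zstd_max_clevel()`. A one-line comment above them would stop a later reader assuming the limits are per-namespace, for example `/* global zstd level bounds for raw_data_compression_level; not namespace dependent */`. No include change is visible in this diff, so it is worth confirming that the file pulls in `<linux/zstd.h>` directly and does not depend on a transitive include for these declarations.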
@@ -2382,6 +2396,8 @@ static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
        AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
        AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
        AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
+       AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
+       AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
        AA_SFS_DIR("features", aa_sfs_entry_features),
        { }
 };
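Review bot: The two `raw_data_compression_level_{min,max}` entries are only useful to policy tooling if the setter for the `raw_data_compression_level` module parameter enforces the same `zstd_min_clevel()`/`zstd_max_clevel()` bounds, and that setter is outside this diff. If it clamps to different constants, userspace will be told a range the kernel does not accept, so the two should share one source of truth. The minimum is printed with `%d` and is presumably negative for zstd, which readers of the file need to parse as a signed value. That is worth stating in the ABI documentation for these files. Mode `0444` looks appropriate, since both values are build-time properties of the zstd library and not policy state.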