apparmor: export that basic profile namespaces are supported

Allow userspace to detect that basic profile policy namespaces are
available.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 2298450..853c2ec 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2151,6 +2151,12 @@ static struct aa_sfs_entry aa_sfs_entry_policy[] = {
        { }
 };
 
+static struct aa_sfs_entry aa_sfs_entry_ns[] = {
+       AA_SFS_FILE_BOOLEAN("profile",          1),
+       AA_SFS_FILE_BOOLEAN("pivot_root",       1),
+       { }
+};
+
 static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
        AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
        AA_SFS_FILE_BOOLEAN("data",             1),
@@ -2166,6 +2172,7 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
        AA_SFS_DIR("policy",                    aa_sfs_entry_policy),
        AA_SFS_DIR("domain",                    aa_sfs_entry_domain),
        AA_SFS_DIR("file",                      aa_sfs_entry_file),
+       AA_SFS_DIR("namespaces",                aa_sfs_entry_ns),
        AA_SFS_FILE_U64("capability",           VFS_CAP_FLAGS_MASK),
        AA_SFS_DIR("rlimit",                    aa_sfs_entry_rlimit),
        AA_SFS_DIR("caps",                      aa_sfs_entry_caps),