Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull apparmor updates from John Johansen:
 "This is the apparmor pull request, similar to SELinux and seccomp.

  It's the same series that I was sent to James' security tree + one
  regression fix that was found after the series was sent to James and
  would have been sent for v4.14-rc2.

  Features:
  - in preparation for secid mapping add support for absolute root view
    based labels
  - add base infastructure for socket mediation
  - add mount mediation
  - add signal mediation

  minor cleanups and changes:
  - be defensive, ensure unconfined profiles have dfas initialized
  - add more debug asserts to apparmorfs
  - enable policy unpacking to audit different reasons for failure
  - cleanup conditional check for label in label_print
  - Redundant condition: prev_ns. in [label.c:1498]

  Bug Fixes:
  - fix regression in apparmorfs DAC access permissions
  - fix build failure on sparc caused by undeclared signals
  - fix sparse report of incorrect type assignment when freeing label proxies
  - fix race condition in null profile creation
  - Fix an error code in aafs_create()
  - Fix logical error in verify_header()
  - Fix shadowed local variable in unpack_trans_table()"

* tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: fix apparmorfs DAC access permissions
  apparmor: fix build failure on sparc caused by undeclared signals
  apparmor: fix incorrect type assignment when freeing proxies
  apparmor: ensure unconfined profiles have dfas initialized
  apparmor: fix race condition in null profile creation
  apparmor: move new_null_profile to after profile lookup fns()
  apparmor: add base infastructure for socket mediation
  apparmor: add more debug asserts to apparmorfs
  apparmor: make policy_unpack able to audit different info messages
  apparmor: add support for absolute root view based labels
  apparmor: cleanup conditional check for label in label_print
  apparmor: add mount mediation
  apparmor: add the ability to mediate signals
  apparmor: Redundant condition: prev_ns. in [label.c:1498]
  apparmor: Fix an error code in aafs_create()
  apparmor: Fix logical error in verify_header()
  apparmor: Fix shadowed local variable in unpack_trans_table()

diff --cc security/apparmor/domain.c
Simple merge

diff --cc security/apparmor/include/domain.h
index 24c5976,db27403..ac9862f
--- 1/security/apparmor/include/domain.h
--- 2/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@@ -29,7 -31,11 +31,10 @@@ struct aa_domain 
  #define AA_CHANGE_ONEXEC  4
  #define AA_CHANGE_STACK 8
  
+ struct aa_label *x_table_lookup(struct aa_profile *profile, u32 xindex,
+                               const char **name);
+ 
  int apparmor_bprm_set_creds(struct linux_binprm *bprm);
 -int apparmor_bprm_secureexec(struct linux_binprm *bprm);
  
  void aa_free_domain_entries(struct aa_domain *domain);
  int aa_change_hat(const char *hats[], int count, u64 token, int flags);

diff --cc security/apparmor/lsm.c
index 7a82c0f,cc5ab23..72b915d
--- 1/security/apparmor/lsm.c
--- 2/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@@ -694,8 -1165,10 +1165,9 @@@ static struct security_hook_list apparm
        LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
        LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
        LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
 -      LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
  
        LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
+       LSM_HOOK_INIT(task_kill, apparmor_task_kill),
  };
  
  /*