apparmor: add domain label stacking info to apparmorfs

Now that the domain label transition is complete advertise it to
userspace.

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/include/audit.h

@@ -92,6 +92,8 @@ enum audit_type {
 #define OP_CHANGE_HAT "change_hat"
 #define OP_CHANGE_PROFILE "change_profile"
 #define OP_CHANGE_ONEXEC "change_onexec"
+#define OP_STACK "stack"
+#define OP_STACK_ONEXEC "stack_onexec"
 
 #define OP_SETPROCATTR "setprocattr"
 #define OP_SETRLIMIT "setrlimit"

security/apparmor/include/domain.h

@@ -27,6 +27,7 @@ struct aa_domain {
 #define AA_CHANGE_TEST 1
 #define AA_CHANGE_CHILD 2
 #define AA_CHANGE_ONEXEC  4
+#define AA_CHANGE_STACK 8
 
 int apparmor_bprm_set_creds(struct linux_binprm *bprm);
 int apparmor_bprm_secureexec(struct linux_binprm *bprm);