kernel-ark

History

John Johansen 58acf9d911 apparmor: fix module parameters can be changed after policy is locked the policy_lock parameter is a one way switch that prevents policy from being further modified. Unfortunately some of the module parameters can effectively modify policy by turning off enforcement. split policy_admin_capable into a view check and a full admin check, and update the admin check to test the policy_lock parameter. Signed-off-by: John Johansen <john.johansen@canonical.com>		2016-07-12 08:43:10 -07:00
..
apparmor.h	apparmor: add parameter to control whether policy hashing is used	2016-07-12 08:43:10 -07:00
apparmorfs.h	apparmor: add the ability to report a sha1 hash of loaded policy	2013-08-14 11:42:08 -07:00
audit.h	apparmor: remove parent task info from audit logging	2013-10-29 21:34:04 -07:00
capability.h	apparmor: fix capability to not use the current task, during reporting	2013-10-29 21:33:37 -07:00
context.h	apparmor: change how profile replacement update is done	2013-08-14 11:42:06 -07:00
crypto.h	apparmor: add the ability to report a sha1 hash of loaded policy	2013-08-14 11:42:08 -07:00
domain.h
file.h	apparmor: constify aa_path_link()	2016-03-28 00:47:26 -04:00
ipc.h	apparmor: fix capability to not use the current task, during reporting	2013-10-29 21:33:37 -07:00
match.h	apparmor: add missing id bounds check on dfa verification	2016-07-12 08:43:10 -07:00
path.h	[apparmor] constify struct path * in a bunch of helpers	2016-03-27 23:48:14 -04:00
policy_unpack.h	apparmor: allow setting any profile into the unconfined state	2013-08-14 11:42:07 -07:00
policy.h	apparmor: fix module parameters can be changed after policy is locked	2016-07-12 08:43:10 -07:00
procattr.h	apparmor: remove "permipc" command	2013-04-28 00:36:32 -07:00
resource.h	AppArmor: export known rlimit names/value mappings in securityfs	2012-02-27 11:38:19 -08:00
sid.h	apparmor: remove sid from profiles	2013-04-28 00:37:13 -07:00