kernel-ark

History

Eric Paris a5dda68332 SELinux: check seqno when updating an avc_node The avc update node callbacks do not check the seqno of the caller with the seqno of the node found. It is possible that a policy change could happen (although almost impossibly unlikely) in which a permissive or permissive_domain decision is not valid for the entry found. Simply pass and check that the seqno of the caller and the seqno of the node found match. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>		2009-02-14 09:22:34 +11:00
..
integrity/ima	ima: fix build error	2009-02-13 09:27:56 +11:00
keys	security: introduce missing kfree	2009-01-17 14:24:46 -08:00
selinux	SELinux: check seqno when updating an avc_node	2009-02-14 09:22:34 +11:00
smack	smackfs load append mode fix	2009-01-27 20:13:32 -08:00
tomoyo	tomoyo: fix sparse warning	2009-02-12 20:21:10 +11:00
capability.c	Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2 ]"	2009-01-07 09:21:54 +11:00
commoncap.c	Merge branch 'next' into for-linus	2009-01-07 09:58:22 +11:00
device_cgroup.c	devices cgroup: allow mkfifo	2009-01-08 08:31:03 -08:00
inode.c	Merge branch 'master' into next	2009-02-06 11:01:45 +11:00
Kconfig	Kconfig and Makefile	2009-02-12 15:19:00 +11:00
Makefile	security: change link order of LSMs so security=tomoyo works	2009-02-12 16:29:04 +11:00
root_plug.c	Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2 ]"	2009-01-07 09:21:54 +11:00
security.c	Merge branch 'next' into for-linus	2009-01-07 09:58:22 +11:00