kernel-ark

History

Stephen Smalley abc69bb633 SELinux: enable processes with mac_admin to get the raw inode contexts Enable processes with CAP_MAC_ADMIN + mac_admin permission in policy to get undefined contexts on inodes. This extends the support for deferred mapping of security contexts in order to permit restorecon and similar programs to see the raw file contexts unknown to the system policy in order to check them. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>		2008-07-14 15:01:52 +10:00
..
keys	keys: remove unused key_alloc_sem	2008-06-06 11:29:11 -07:00
selinux	SELinux: enable processes with mac_admin to get the raw inode contexts	2008-07-14 15:01:52 +10:00
smack	Security: split proc ptrace checking into read vs. attach	2008-07-14 15:01:47 +10:00
capability.c	capabilities: implement per-process securebits	2008-04-28 08:58:26 -07:00
commoncap.c	Security: split proc ptrace checking into read vs. attach	2008-07-14 15:01:47 +10:00
device_cgroup.c	devcgroup: fix permission check when adding entry to child cgroup	2008-07-13 12:51:18 -07:00
dummy.c	Security: split proc ptrace checking into read vs. attach	2008-07-14 15:01:47 +10:00
inode.c	Kobject: convert remaining kobject_unregister() to kobject_put()	2008-01-24 20:40:40 -08:00
Kconfig	security: enhance DEFAULT_MMAP_MIN_ADDR description	2008-04-18 20:26:18 +10:00
Makefile	cgroups: implement device whitelist	2008-04-29 08:06:09 -07:00
root_plug.c	root_plug: use cap_task_prctl	2008-04-28 08:58:27 -07:00
security.c	Security: split proc ptrace checking into read vs. attach	2008-07-14 15:01:47 +10:00