davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c29bceb396
kernel-ark/security/apparmor
History
John Johansen c29bceb396 Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS 
Add support for AppArmor to explicitly fail requested domain transitions
if NO_NEW_PRIVS is set and the task is not unconfined.

Transitions from unconfined are still allowed because this always results
in a reduction of privileges.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>

v18: new acked-by, new description
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-04-14 11:13:18 +10:00
..
include LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
.gitignore .gitignore: ignore apparmor/rlim_names.h 2010-10-21 10:12:35 +11:00
apparmorfs.c AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
audit.c lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03 09:49:59 -07:00
capability.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
context.c AppArmor: contexts used in attaching policy to system objects 2010-08-02 15:35:12 +10:00
domain.c Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS 2012-04-14 11:13:18 +10:00
file.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
ipc.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
Kconfig apparmor: depends on NET 2010-08-05 07:36:51 -04:00
lib.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
lsm.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
Makefile AppArmor: Fix location of const qualifier on generated string tables 2012-03-19 18:22:46 -07:00
match.c AppArmor: Update dfa matching routines. 2012-03-14 06:15:24 -07:00
path.c AppArmor: Move path failure information into aa_get_name and rename 2012-03-14 06:15:25 -07:00
policy_unpack.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
policy.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
procattr.c apparmor: sparse fix: include procattr.h in procattr.c 2011-09-09 16:56:29 -07:00
resource.c LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03 09:48:40 -07:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00