mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-27 22:51:31 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/apparmor/include
History
John Johansen 73f488cd90 apparmor: convert attaching profiles via xattrs to use dfa matching 
This converts profile attachment based on xattrs to a fixed extended
conditional using dfa matching.

This has a couple of advantages
- pattern matching can be used for the xattr match

- xattrs can be optional for an attachment or marked as required

- the xattr attachment conditional will be able to be combined with
  other extended conditionals when the flexible extended conditional
  work lands.

The xattr fixed extended conditional is appended to the xmatch
conditional. If an xattr attachment is specified the profile xmatch
will be generated regardless of whether there is a pattern match on
the executable name.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2018-02-09 11:30:02 -08:00
..
apparmor.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
apparmorfs.h apparmor: add policy revision file interface 2017-06-10 17:11:27 -07:00
audit.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
capability.h apparmor: move capability checks to using labels 2017-06-10 17:11:40 -07:00
cred.h apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
crypto.h apparmor: allow introspecting the loaded policy pre internal transform 2017-01-16 01:18:42 -08:00
domain.h + Features 2017-09-23 05:33:29 -10:00
file.h apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
ipc.h apparmor: add the ability to mediate signals 2017-09-22 13:00:57 -07:00
label.h apparmor: provide a bounded version of label_parse 2018-02-09 11:30:01 -08:00
lib.h Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
match.h apparmor: dfa add support for state differential encoding 2018-02-09 11:30:01 -08:00
mount.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
path.h apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
perms.h apparmor: fix ptrace label match when matching stacked labels 2018-01-12 15:49:59 -08:00
policy.h apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
policy_ns.h apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
policy_unpack.h apparmor: split load data into management struct and data blob 2018-02-09 11:30:00 -08:00
procattr.h apparmor: switch getprocattr to using label_print fns() 2017-06-10 17:11:39 -07:00
resource.h apparmor: move resource checks to using labels 2017-06-10 17:11:40 -07:00
secid.h apparmor: rename sid to secid 2017-01-16 00:42:17 -08:00
sig_names.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
task.h apparmor: update domain transitions that are subsets of confinement at nnp 2018-02-09 11:30:01 -08:00