11 Jan, 2019
1 commit
-
This patch provides a general mechanism for passing flags to the
security_capable LSM hook. It replaces the specific 'audit' flag that is
used to tell security_capable whether it should log an audit message for
the given capability check. The reason for generalizing this flag
passing is so we can add an additional flag that signifies whether
security_capable is being called by a setid syscall (which is needed by
the proposed SafeSetID LSM).Signed-off-by: Micah Morton
Reviewed-by: Kees Cook
Signed-off-by: James Morris
10 Feb, 2018
1 commit
-
Now that file contexts have been moved into file, and task context
fns() and data have been split from the context, only the cred context
remains in context.h so rename to cred.h to better reflect what it
deals with.Signed-off-by: John Johansen
11 Jun, 2017
1 commit
-
Signed-off-by: John Johansen
09 Jun, 2017
1 commit
-
prefixes are used for fns/data that are not static to apparmorfs.c
with the prefixes being
aafs - special magic apparmorfs for policy namespace data
aa_sfs - for fns/data that go into securityfs
aa_fs - for fns/data that may be used in the either of aafs or
securityfsSigned-off-by: John Johansen
Reviewed-by: Seth Arnold
Reviewed-by: Kees Cook
16 Jan, 2017
2 commits
-
apparmor should be checking the SECURITY_CAP_NOAUDIT constant. Also
in complain mode make it so apparmor can elect to log a message,
informing of the check.Signed-off-by: John Johansen
-
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.Signed-off-by: John Johansen
30 Oct, 2013
1 commit
-
Mediation is based off of the cred but auditing includes the current
task which may not be related to the actual request.Signed-off-by: John Johansen
15 Aug, 2013
1 commit
-
Signed-off-by: John Johansen
Acked-by: Seth Arnold
10 Apr, 2012
3 commits
-
It isn't needed. If you don't set the type of the data associated with
that type it is a pretty obvious programming bug. So why waste the cycles?Signed-off-by: Eric Paris
-
apparmor is the only LSM that uses the common_audit_data tsk field.
Instead of making all LSMs pay for the stack space move the aa usage into
the apparmor_audit_data.Signed-off-by: Eric Paris
-
Just open code it so grep on the source code works better.
Signed-off-by: Eric Paris
04 Apr, 2012
1 commit
-
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.Signed-off-by: Eric Paris
Signed-off-by: Linus Torvalds
02 Aug, 2010
1 commit
-
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests. Improved mediation is a wip.rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level. Only resources specified in a profile are controled
or set. AppArmor rules set the hard limit to a value
Signed-off-by: James Morris