20 May, 2011

1 commit

• d410fa4ef   Create Documentation/security/, ... Browse Code »

  move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
  add Documentation/security/00-INDEX, and
  update all occurrences of Documentation/
  to Documentation/security/.

  Randy Dunlap

  2011-05-20 06:59:38 +0800  

31 Mar, 2011

1 commit

• 25985edce   Fix common misspellings ... Browse Code »

  Fixes generated by 'codespell' and manually reviewed.

  Signed-off-by: Lucas De Marchi

  Lucas De Marchi

  2011-03-31 22:26:23 +0800  

02 Aug, 2010

1 commit

• e06f75a6a   AppArmor: dfa match engine ... Browse Code »

  A basic dfa matching engine based off the dfa engine in the Dragon
  Book. It uses simple row comb compression with a check field.

  This allows AppArmor to do pattern matching in linear time, and also
  avoids stack issues that an nfa based engine may have. The dfa
  engine uses a byte based comparison, with all values being valid.
  Any potential character encoding are handled user side when the dfa
  tables are created. By convention AppArmor uses \0 to separate two
  dependent path matches since \0 is not a valid path character
  (this is done in the link permission check).

  The dfa tables are generated in user space and are verified at load
  time to be internally consistent.

  There are several future improvements planned for the dfa engine:
  * The dfa engine may be converted to a hybrid nfa-dfa engine, with
  a fixed size limited stack. This would allow for size time
  tradeoffs, by inserting limited nfa states to help control
  state explosion that can occur with dfas.
  * The dfa engine may pickup the ability to do limited dynamic
  variable matching, instead of fixing all variables at policy
  load time.

  Signed-off-by: John Johansen
  Signed-off-by: James Morris

  John Johansen

  2010-08-02 13:35:13 +0800