Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-4.13.y 2017-06-11T00:11:47+00:00 2017-06-11T00:11:47+00:00 John Johansen john.johansen@canonical.com 2017-06-10T00:11:17+00:00 urn:sha1:40cde7fcc344bc77c1ec9d291dcc35ab12f078aa Now that the domain label transition is complete advertise it to userspace. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:45+00:00 John Johansen john.johansen@canonical.com 2017-06-10T00:15:56+00:00 urn:sha1:064dc9472fa2bc31a7b178882bd7eff782c3d239 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:38+00:00 John Johansen john.johansen@canonical.com 2017-06-09T15:14:28+00:00 urn:sha1:637f688dc3dc304a89f441d76f49a0e35bc49c08 Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:37+00:00 John Johansen john.johansen@canonical.com 2017-06-09T18:58:42+00:00 urn:sha1:192ca6b55a866e838aee98d9cb6a0b5086467c03 Instead of running file revalidation lazily when read/write are called copy selinux and revalidate the file table on exec. This avoids extra mediation overhead in read/write and also prevents file handles being passed through to a grand child unchecked. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-11T00:11:30+00:00 John Johansen john.johansen@canonical.com 2017-05-29T19:16:04+00:00 urn:sha1:aa9aeea8d4c3dfb9297723c4340671ef88e372d3 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-01-16T09:18:47+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:02+00:00 urn:sha1:ef88a7ac55fdd3bf6ac3942b83aa29311b45339b The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-01-16T09:18:46+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:01+00:00 urn:sha1:47f6e5cc7355e4ff2fd7ace919aa9e291077c26b Having ops be an integer that is an index into an op name table is awkward and brittle. Every op change requires an edit for both the op constant and a string in the table. Instead switch to using const strings directly, eliminating the need for the table that needs to be kept in sync. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-01-16T09:18:41+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:42:54+00:00 urn:sha1:fc1c9fd10a53a17abb3348adb2ec5d29813a0397 Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-10-30T04:34:04+00:00 John Johansen john.johansen@canonical.com 2013-10-08T12:39:02+00:00 urn:sha1:4a7fc3018f05f4305723b508b12f3be13b7c4875 The reporting of the parent task info is a vestage from old versions of apparmor. The need for this information was removed by unique null- profiles before apparmor was upstreamed so remove this info from logging. Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-07-11T04:13:43+00:00 urn:sha1:0d259f043f5f60f74c4fd020aac190cb6450e918 Add basic interface files to access namespace and profile information. The interface files are created when a profile is loaded and removed when the profile or namespace is removed. Signed-off-by: John Johansen <john.johansen@canonical.com>