kernel/linux.git/security/apparmor/ipc.c, branch linux-4.13.y Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-4.13.y 2017-06-11T00:11:42+00:00 apparmor: allow ptrace checks to be finer grained than just capability 2017-06-11T00:11:42+00:00 John Johansen john.johansen@canonical.com 2017-06-09T21:38:35+00:00 urn:sha1:290f458a4f16f9cf6cb6562b249e69fe1c3c3a07 Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: move ptrace checks to using labels 2017-06-11T00:11:41+00:00 John Johansen john.johansen@canonical.com 2017-06-09T21:22:14+00:00 urn:sha1:b2d09ae449cedc6f276ac485c013d22a97d36992 Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: move capability checks to using labels 2017-06-11T00:11:40+00:00 John Johansen john.johansen@canonical.com 2017-06-09T21:07:02+00:00 urn:sha1:c70c86c421427fd8487867de66c4104b15abd772 Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: switch from profiles to using labels on contexts 2017-06-11T00:11:38+00:00 John Johansen john.johansen@canonical.com 2017-06-09T15:14:28+00:00 urn:sha1:637f688dc3dc304a89f441d76f49a0e35bc49c08 Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: change aad apparmor_audit_data macro to a fn macro 2017-01-16T09:18:47+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:02+00:00 urn:sha1:ef88a7ac55fdd3bf6ac3942b83aa29311b45339b The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: fix capability to not use the current task, during reporting 2013-10-30T04:33:37+00:00 John Johansen john.johansen@canonical.com 2013-10-08T12:37:18+00:00 urn:sha1:dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen <john.johansen@canonical.com> apparmor: add utility function to get an arbitrary tasks profile. 2013-04-28T07:35:53+00:00 John Johansen john.johansen@canonical.com 2013-02-19T00:03:34+00:00 urn:sha1:3cfcc19e0b5390c04cb5bfa4e8fde39395410e61 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com> LSM: do not initialize common_audit_data to 0 2012-04-09T16:23:04+00:00 Eric Paris eparis@redhat.com 2012-04-04T19:01:43+00:00 urn:sha1:50c205f5e5c2e2af002fd4ef537ded79b90b1b56 It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris <eparis@redhat.com> LSM: remove the COMMON_AUDIT_DATA_INIT type expansion 2012-04-09T16:23:01+00:00 Eric Paris eparis@redhat.com 2012-04-04T19:01:42+00:00 urn:sha1:bd5e50f9c1c71daac273fa586424f07205f6b13b Just open code it so grep on the source code works better. Signed-off-by: Eric Paris <eparis@redhat.com> LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03T16:48:40+00:00 Eric Paris eparis@redhat.com 2012-04-03T16:37:02+00:00 urn:sha1:3b3b0e4fc15efa507b902d90cea39e496a523c3b Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>