kernel/linux.git/security/apparmor/resource.c, branch v4.15.6

apparmor: fix spelling mistake: "resoure" -> "resource"

2017-11-21T08:25:44+00:00

Trivial fix to spelling mistake in comment and also with text in audit_resource call. Signed-off-by: Colin Ian King Signed-off-by: John Johansen

apparmor: move resource checks to using labels

2017-06-11T00:11:40+00:00

Signed-off-by: John Johansen

apparmor: move capability checks to using labels

2017-06-11T00:11:40+00:00

Signed-off-by: John Johansen

apparmor: switch from profiles to using labels on contexts

2017-06-11T00:11:38+00:00

Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen

apparmor: convert to profile block critical sections

2017-06-11T00:11:34+00:00

There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen

apparmor: rename apparmor file fns and data to indicate use

2017-06-08T19:51:52+00:00

prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen Reviewed-by: Seth Arnold Reviewed-by: Kees Cook

apparmor: change aad apparmor_audit_data macro to a fn macro

2017-01-16T09:18:47+00:00

The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen

apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task

2016-07-12T15:43:10+00:00

While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit on another task. The only other example of a AppArmor mediating access to another, already running, task (ignoring fork+exec) is ptrace. The AppArmor model for ptrace is that one of the following must be true: 1) The tracer is unconfined 2) The tracer is in complain mode 3) The tracer and tracee are confined by the same profile 4) The tracer is confined but has SYS_CAP_PTRACE 1), 2, and 3) are already true for setrlimit. We can match the ptrace model just by allowing CAP_SYS_RESOURCE. We still test the values of the rlimit since it can always be overridden using a value that means unlimited for a particular resource. Signed-off-by: Jeff Mahoney Signed-off-by: John Johansen

apparmor: relax the restrictions on setting rlimits

2013-04-28T07:36:46+00:00

Instead of limiting the setting of the processes limits to current, relax this to tasks confined by the same profile, as the apparmor controls for rlimits are at a profile level granularity. Signed-off-by: John Johansen Acked-by: Steve Beattie

LSM: do not initialize common_audit_data to 0

2012-04-09T16:23:04+00:00

It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris