author | John Johansen <john.johansen@canonical.com> | 2017-06-09 21:58:42 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 03:11:37 +0300 |
commit | 192ca6b55a866e838aee98d9cb6a0b5086467c03 (patch) | |
tree | eba93d671a1476432f357fa68e6842f548e2cb2f /security/apparmor/include/audit.h | |
parent | 2835a13bbdc09d330eafdf5e67eb407c90c01ab7 (diff) | |
download | linux-192ca6b55a866e838aee98d9cb6a0b5086467c03.tar.xz |
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called,
copy SELinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grandchild unchecked.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/audit.h')
-rw-r--r-- | security/apparmor/include/audit.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 1aeb8550fb82..d548261dd1b7 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -69,6 +69,7 @@ enum audit_type {
 #define OP_FLOCK "file_lock"
 #define OP_FMMAP "file_mmap"
 #define OP_FMPROT "file_mprotect"
+#define OP_INHERIT "file_inherit"
 #define OP_CREATE "create"
 #define OP_POST_CREATE "post_create" |
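Review bot: The new `OP_INHERIT` define carries no comment saying which path reports it, so a reader of this header cannot tell it apart from the per-call file operations listed beside it. Going by the commit message it presumably labels the check made when the file table is revalidated at exec; a one-line comment above it such as `/* reported when inherited files are revalidated at exec */` would record that. These strings appear to be the operation names written into audit records, so log parsers and detection rules keyed on the existing names will start seeing `file_inherit` and should be told to expect it. The diff shown here is limited to audit.h, so the revalidation code that uses the constant is outside this view.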