summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-01-16apparmor: fail task profile update if current_cred isn't real_credJohn Johansen1-0/+3
2017-01-16apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2-22/+130
2017-01-16apparmor: pass the subject profile into profile replace/removeJohn Johansen3-16/+21
2017-01-16apparmor: audit policy ns specified in policy loadJohn Johansen3-24/+77
2017-01-16apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen8-58/+278
2017-01-16apparmor: add ns name to the audit data for policy loadsJohn Johansen2-10/+25
2017-01-16apparmor: add profile and ns params to aa_may_manage_policy()John Johansen3-14/+12
2017-01-16apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen3-10/+16
2017-01-16apparmor: add ns being viewed as a param to policy_view_capable()John Johansen4-8/+35
2017-01-16apparmor: allow specifying the profile doing the managementJohn Johansen1-11/+21
2017-01-16apparmor: allow introspecting the policy namespace nameJohn Johansen1-0/+24
2017-01-16apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen3-5/+7
2017-01-16apparmor: track ns level so it can be used to help in view checksJohn Johansen1-0/+1
2017-01-16apparmor: add special .null file used to "close" fds at execJohn Johansen3-1/+81
2017-01-16apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen1-0/+1
2017-01-16apparmor: add a default null dfaJohn Johansen6-2/+46
2017-01-16apparmor: allow policydb to be used as the file dfaJohn Johansen1-4/+8
2017-01-16apparmor: add get_dfa() fnJohn Johansen1-0/+15
2017-01-16apparmor: prepare to support newer versions of policyJohn Johansen2-10/+25
2017-01-16apparmor: add support for force complain flag to support learning modeJohn Johansen1-1/+3
2017-01-16apparmor: remove paranoid load switchJohn Johansen2-16/+10
2017-01-16apparmor: name null-XXX profiles after the executableJohn Johansen3-17/+47
2017-01-16apparmor: pass gfp_t parameter into profile allocationJohn Johansen4-8/+9
2017-01-16apparmor: refactor prepare_ns() and make usable from different viewsJohn Johansen5-38/+79
2017-01-16apparmor: update policy_destroy to use new debug assertsJohn Johansen1-9/+2
2017-01-16apparmor: pass gfp param into aa_policy_init()John Johansen4-7/+7
2017-01-16apparmor: constify policy name and hnameJohn Johansen3-4/+4
2017-01-16apparmor: rename hname_tail to basenameJohn Johansen3-4/+4
2017-01-16apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2-8/+8
2017-01-16apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen3-4/+43
2017-01-16apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen1-0/+11
2017-01-16apparmor: allow ns visibility question to consider subnsesJohn Johansen4-8/+14
2017-01-16apparmor: add fn to lookup profiles by fqnameJohn Johansen4-7/+38
2017-01-16apparmor: add lib fn to find the "split" for fqnamesJohn Johansen2-0/+55
2017-01-16apparmor: add strn version of aa_find_nsJohn Johansen2-6/+29
2017-01-16apparmor: add strn version of lookup_profile fnJohn Johansen2-11/+27
2017-01-16apparmor: rename replacedby to proxyJohn Johansen5-65/+65
2017-01-16apparmor: rename PFLAG_INVALID to PFLAG_STALEJohn Johansen3-5/+5
2017-01-16apparmor: rename sid to secidJohn Johansen4-65/+65
2017-01-16apparmor: rename namespace to ns to improve code line lengthsJohn Johansen8-128/+122
2017-01-16apparmor: split apparmor policy namespaces code into its own fileJohn Johansen10-391/+454
2017-01-16apparmor: split out shared policy_XXX fns to libJohn Johansen4-132/+137
2017-01-16apparmor: move lib definitions into separate lib includeJohn Johansen5-82/+99
2017-01-15apparmor: use designated initializersKees Cook2-5/+7
2017-01-15AppArmor: Use GFP_KERNEL for __aa_kvmalloc().Tetsuo Handa1-1/+2
2017-01-14locking/atomic, kref: Use kref_get_unless_zero() morePeter Zijlstra2-8/+2
2017-01-12security,selinux,smack: kill security_task_wait hookStephen Smalley3-33/+0
2017-01-12selinux: drop unused socket security classesStephen Smalley2-12/+0
2017-01-10Smack: ignore private inode for file functionsSeung-Woo Kim1-0/+12
2017-01-10Smack: fix d_instantiate logic for sockfs and pipefsRafal Krypa1-7/+7