apparmor: allow setting any profile into the unconfined state

Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2013-07-11 06:12:43 +0200
committer: John Johansen <john.johansen@canonical.com> 2013-08-14 20:42:07 +0200
commit: 038165070aa55375d4bdd2f84b34a486feca63d6 (patch)
tree: 327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/include/policy_unpack.h
parent: apparmor: make free_profile available outside of policy.c (diff)
download: linux-038165070aa55375d4bdd2f84b34a486feca63d6.tar.xz
linux-038165070aa55375d4bdd2f84b34a486feca63d6.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h
index 0d7ad722b8ff..c214fb88b1bc 100644
--- a/security/apparmor/include/policy_unpack.h
+++ b/security/apparmor/include/policy_unpack.h
@@ -27,6 +27,13 @@ struct aa_load_ent {
 void aa_load_ent_free(struct aa_load_ent *ent);
 struct aa_load_ent *aa_load_ent_alloc(void);
 
+#define PACKED_FLAG_HAT		1
+
+#define PACKED_MODE_ENFORCE	0
+#define PACKED_MODE_COMPLAIN	1
+#define PACKED_MODE_KILL	2
+#define PACKED_MODE_UNCONFINED	3
+
 int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns);
 
 #endif /* __POLICY_INTERFACE_H */
author	John Johansen <john.johansen@canonical.com>	2013-07-11 06:12:43 +0200
committer	John Johansen <john.johansen@canonical.com>	2013-08-14 20:42:07 +0200
commit	038165070aa55375d4bdd2f84b34a486feca63d6 (patch)
tree	327014e8b5120a0ccc66418159c72f769e9b174d /security/apparmor/include/policy_unpack.h
parent	apparmor: make free_profile available outside of policy.c (diff)
download	linux-038165070aa55375d4bdd2f84b34a486feca63d6.tar.xz linux-038165070aa55375d4bdd2f84b34a486feca63d6.zip