author Micah Morton <mortonm@chromium.org> 2019-01-08 01:10:53 +0100
committer James Morris <james.morris@microsoft.com> 2019-01-10 23:16:06 +0100
commit c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f
tree 310c082e0b41d2d3ff8b619553ed5e45ad244862 /security/apparmor/include
parent Merge tag 'blob-stacking-security-next' of https://git.kernel.org/pub/scm/lin...
LSM: generalize flag passing to security_capable

This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM).

Signed-off-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- security/apparmor/include/capability.h 2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
index e0304e2aeb7f..1b3663b6ab12 100644
--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -40,7 +40,7 @@ struct aa_caps {
extern struct aa_sfs_entry aa_sfs_entry_caps[];
-int aa_capable(struct aa_label *label, int cap, int audit);
+int aa_capable(struct aa_label *label, int cap, unsigned int opts);
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
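
Review bot: the new `opts` parameter in the `aa_capable()` prototype has no comment saying which flag bits it accepts, and since the only change is from `int audit` to `unsigned int opts`, a caller still passing the old audit value would compile without any warning. Suggest adding a short comment at the declaration naming the flag set that `opts` carries, and confirming that every caller is converted in this same commit; this view is limited to security/apparmor/include, so the function definition and its callers are not visible here.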