diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2012-06-06 00:28:30 +0200 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2012-07-14 00:49:23 +0200 |
commit | 1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e (patch) | |
tree | fc4b9a2ca7c643a30cbe2260886fdbd969bf2b50 /security/security.c | |
parent | Smack: fix smack_new_inode bogosities (diff) | |
download | linux-1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e.tar.xz linux-1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e.zip |
Smack: onlycap limits on CAP_MAC_ADMIN
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.
This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/security.c')
0 files changed, 0 insertions, 0 deletions