summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
* LSM: Add /sys/kernel/security/lsmCasey Schaufler2017-01-1911-17/+82
* apparmor: fix undefined reference to `aa_g_hash_policy'John Johansen2017-01-161-1/+1
* apparmor: replace remaining BUG_ON() asserts with AA_BUG()John Johansen2017-01-164-5/+5
* apparmor: fix restricted endian type warnings for policy unpackJohn Johansen2017-01-161-6/+6
* apparmor: fix restricted endian type warnings for dfa unpackJohn Johansen2017-01-162-12/+12
* apparmor: add check for apparmor enabled in module parameters missing itJohn Johansen2017-01-161-0/+10
* apparmor: add per cpu work buffers to avoid allocating buffers at every hookJohn Johansen2017-01-162-1/+103
* apparmor: sysctl to enable unprivileged user ns AppArmor policy loadingTyler Hicks2017-01-162-1/+47
* apparmor: support querying extended trusted helper extra dataWilliam Hua2017-01-165-0/+245
* apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen2017-01-161-6/+10
* apparmor: make computing policy hashes conditional on kernel parameterJohn Johansen2017-01-162-29/+32
* apparmor: convert change_profile to use fqname later to give better controlJohn Johansen2017-01-165-66/+28
* apparmor: fix change_hat debug outputJohn Johansen2017-01-161-4/+5
* apparmor: remove unused op parameter from simple_write_to_buffer()John Johansen2017-01-161-6/+3
* apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen2017-01-1612-161/+155
* apparmor: change op from int to const char *John Johansen2017-01-1610-134/+84
* apparmor: rename context abreviation cxt to the more standard ctxJohn Johansen2017-01-165-144/+150
* apparmor: fail task profile update if current_cred isn't real_credJohn Johansen2017-01-161-0/+3
* apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2017-01-162-22/+130
* apparmor: pass the subject profile into profile replace/removeJohn Johansen2017-01-163-16/+21
* apparmor: audit policy ns specified in policy loadJohn Johansen2017-01-163-24/+77
* apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen2017-01-168-58/+278
* apparmor: add ns name to the audit data for policy loadsJohn Johansen2017-01-162-10/+25
* apparmor: add profile and ns params to aa_may_manage_policy()John Johansen2017-01-163-14/+12
* apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen2017-01-163-10/+16
* apparmor: add ns being viewed as a param to policy_view_capable()John Johansen2017-01-164-8/+35
* apparmor: allow specifying the profile doing the managementJohn Johansen2017-01-161-11/+21
* apparmor: allow introspecting the policy namespace nameJohn Johansen2017-01-161-0/+24
* apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen2017-01-163-5/+7
* apparmor: track ns level so it can be used to help in view checksJohn Johansen2017-01-161-0/+1
* apparmor: add special .null file used to "close" fds at execJohn Johansen2017-01-163-1/+81
* apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen2017-01-161-0/+1
* apparmor: add a default null dfaJohn Johansen2017-01-166-2/+46
* apparmor: allow policydb to be used as the file dfaJohn Johansen2017-01-161-4/+8
* apparmor: add get_dfa() fnJohn Johansen2017-01-161-0/+15
* apparmor: prepare to support newer versions of policyJohn Johansen2017-01-162-10/+25
* apparmor: add support for force complain flag to support learning modeJohn Johansen2017-01-161-1/+3
* apparmor: remove paranoid load switchJohn Johansen2017-01-162-16/+10
* apparmor: name null-XXX profiles after the executableJohn Johansen2017-01-163-17/+47
* apparmor: pass gfp_t parameter into profile allocationJohn Johansen2017-01-164-8/+9
* apparmor: refactor prepare_ns() and make usable from different viewsJohn Johansen2017-01-165-38/+79
* apparmor: update policy_destroy to use new debug assertsJohn Johansen2017-01-161-9/+2
* apparmor: pass gfp param into aa_policy_init()John Johansen2017-01-164-7/+7
* apparmor: constify policy name and hnameJohn Johansen2017-01-163-4/+4
* apparmor: rename hname_tail to basenameJohn Johansen2017-01-163-4/+4
* apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2017-01-162-8/+8
* apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen2017-01-163-4/+43
* apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen2017-01-161-0/+11
* apparmor: allow ns visibility question to consider subnsesJohn Johansen2017-01-164-8/+14
* apparmor: add fn to lookup profiles by fqnameJohn Johansen2017-01-164-7/+38