path: root/security/apparmor/ipc.c
Commit message | Author | Age | Files | Lines
* apparmor: fix capability to not use the current task, during reporting | John Johansen | 2013-10-30 | 1 | -5/+4

  Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request.

  Signed-off-by: John Johansen <john.johansen@canonical.com>

* apparmor: add utility function to get an arbitrary tasks profile. | John Johansen | 2013-04-28 | 1 | -9/+4

  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Acked-by: Steve Beattie <sbeattie@ubuntu.com>

* LSM: do not initialize common_audit_data to 0 | Eric Paris | 2012-04-09 | 1 | -1/+1

  It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles?

  Signed-off-by: Eric Paris <eparis@redhat.com>

* LSM: remove the COMMON_AUDIT_DATA_INIT type expansion | Eric Paris | 2012-04-09 | 1 | -1/+1

  Just open code it so grep on the source code works better.

  Signed-off-by: Eric Paris <eparis@redhat.com>

* LSM: shrink sizeof LSM specific portion of common_audit_data | Eric Paris | 2012-04-03 | 1 | -4/+6

  Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement.

  Signed-off-by: Eric Paris <eparis@redhat.com>
  Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

* apparmor: sparse fix: include ipc.h | James Morris | 2011-09-10 | 1 | -0/+1

  Include ipc.h to eliminate sparse warnings.

  security/apparmor/ipc.c:61:5: warning: symbol 'aa_may_ptrace' was not declared. Should it be static?
  security/apparmor/ipc.c:83:5: warning: symbol 'aa_ptrace' was not declared. Should it be static

  Signed-off-by: James Morris <jmorris@namei.org>
  Acked-by: John Johansen <john.johansen@canonical.com>

* AppArmor: fix build warnings for non-const use of get_task_cred | James Morris | 2010-08-02 | 1 | -1/+1

  Fix build warnings for non-const use of get_task_cred.

  Signed-off-by: James Morris <jmorris@namei.org>

* AppArmor: mediation of non file objects | John Johansen | 2010-08-02 | 1 | -0/+114

  ipc:
  AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip.

  rlimits:
  AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controlled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile.

  Capabilities:
  AppArmor provides a per profile mask of capabilities, that will further restrict.

  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Signed-off-by: James Morris <jmorris@namei.org>