John Johansen
181f7c9776
apparmor: name null-XXX profiles after the executable
...
When possible it's better to name a learning profile after the missing
profile in question. This allows for both more informative names and
for profile reuse.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:30 -08:00
John Johansen
30b026a8d1
apparmor: pass gfp_t parameter into profile allocation
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:29 -08:00
John Johansen
73688d1ed0
apparmor: refactor prepare_ns() and make usable from different views
...
prepare_ns() will need to be called from alternate views, and namespaces
will need to be created via different interfaces. So refactor and
allow specifying the view ns.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:28 -08:00
John Johansen
d102d89571
apparmor: pass gfp param into aa_policy_init()
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:27 -08:00
John Johansen
bbe4a7c873
apparmor: constify policy name and hname
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:26 -08:00
John Johansen
6e474e3063
apparmor: rename hname_tail to basename
...
Rename to the shorter and more familiar shell cmd name
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:25 -08:00
John Johansen
efeee83a70
apparmor: rename mediated_filesystem() to path_mediated_fs()
...
Rename to indicate the test is only about whether path mediation is used,
not whether other types of mediation might be used.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:24 -08:00
John Johansen
680cd62e91
apparmor: add debug assert AA_BUG and Kconfig to control debug info
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:24 -08:00
John Johansen
57e36bbd67
apparmor: add macro for bug asserts to check that a lock is held
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:23 -08:00
John Johansen
92b6d8eff5
apparmor: allow ns visibility question to consider subnses
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:22 -08:00
John Johansen
31617ddfdd
apparmor: add fn to lookup profiles by fqname
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:22 -08:00
John Johansen
3b0aaf5866
apparmor: add lib fn to find the "split" for fqnames
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:21 -08:00
John Johansen
9a2d40c12d
apparmor: add strn version of aa_find_ns
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:20 -08:00
John Johansen
1741e9eb8c
apparmor: add strn version of lookup_profile fn
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:19 -08:00
John Johansen
8399588a7f
apparmor: rename replacedby to proxy
...
Proxy is shorter and a better fit than replacedby, so rename it.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:18:19 -08:00
John Johansen
d97d51d253
apparmor: rename PFLAG_INVALID to PFLAG_STALE
...
Invalid does not convey the meaning of the flag anymore so rename it.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 01:16:37 -08:00
John Johansen
121d4a91e3
apparmor: rename sid to secid
...
Move to common terminology with other LSMs and kernel infrastructure
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:17 -08:00
John Johansen
98849dff90
apparmor: rename namespace to ns to improve code line lengths
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:16 -08:00
John Johansen
cff281f686
apparmor: split apparmor policy namespaces code into its own file
...
Policy namespaces will be diverging from profile management and
expanding so put it in its own file.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:15 -08:00
John Johansen
fe6bb31f59
apparmor: split out shared policy_XXX fns to lib
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:14 -08:00
John Johansen
12557dcba2
apparmor: move lib definitions into separate lib include
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:13 -08:00
John Johansen
58acf9d911
apparmor: fix module parameters can be changed after policy is locked
...
The policy_lock parameter is a one-way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.
Split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2016-07-12 08:43:10 -07:00
John Johansen
15756178c6
apparmor: add missing id bounds check on dfa verification
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
2016-07-12 08:43:10 -07:00
John Johansen
6059f71f1e
apparmor: add parameter to control whether policy hashing is used
...
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-07-12 08:43:10 -07:00
Al Viro
3539aaf670
apparmor: constify aa_path_link()
...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-03-28 00:47:26 -04:00