linux-toradex.git/security/apparmor/include/capability.h, branch v4.0-rc1 Linux kernel for Apalis and Colibri modules apparmor: fix capability to not use the current task, during reporting 2013-10-30T04:33:37+00:00 John Johansen john.johansen@canonical.com 2013-10-08T12:37:18+00:00 dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Mediation is based off of the cred but auditing includes the current
task which may not be related to the actual request.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: export set of capabilities supported by the apparmor module 2013-08-14T18:42:07+00:00 John Johansen john.johansen@canonical.com 2013-08-14T18:27:32+00:00 84f1f787421cd83bb7dfb34d584586f6a5fe7baa Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
AppArmor: mediation of non file objects 2010-08-02T05:38:35+00:00 John Johansen john.johansen@canonical.com 2010-07-29T21:48:05+00:00 0ed3b28ab8bf460a3a026f3f1782bf4c53840184 ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests.  Improved mediation is a wip.

rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level.  Only resources specified in a profile are controled
or set.  AppArmor rules set the hard limit to a value <= to the current
hard limit (ie. they can not currently raise hard limits), and if
necessary will lower the soft limit to the new hard limit value.

AppArmor does not track resource limits to reset them when a profile
is left so that children processes inherit the limits set by the
parent even if they are not confined by the same profile.

Capabilities:  AppArmor provides a per profile mask of capabilities,
that will further restrict.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>