linux/security
John Johansen 898127c34e AppArmor: functions for domain transitions
AppArmor routines for controling domain transitions, which can occur at
exec or through self directed change_profile/change_hat calls.

Unconfined tasks are checked at exec against the profiles in the confining
profile namespace to determine if a profile should be attached to the task.

Confined tasks execs are controlled by the profile which provides rules
determining which execs are allowed and if so which profiles should be
transitioned to.

Self directed domain transitions allow a task to request transition
to a given profile.  If the transition is allowed then the profile will
be applied, either immeditately or at exec time depending on the request.
Immeditate self directed transitions have several security limitations
but have uses in setting up stub transition profiles and other limited
cases.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:35:14 +10:00
..
apparmor AppArmor: functions for domain transitions 2010-08-02 15:35:14 +10:00
integrity/ima ima: use generic_file_llseek for securityfs 2010-08-02 15:34:58 +10:00
keys KEYS: Reinstate lost passing of process keyring ID in call_sbin_request_key() 2010-08-02 15:34:56 +10:00
selinux SELinux: Move execmod to the common perms 2010-08-02 15:35:09 +10:00
smack security: make LSMs explicitly mask off permissions 2010-08-02 15:35:07 +10:00
tomoyo TOMOYO: Update version to 2.3.0 2010-08-02 15:35:10 +10:00
capability.c Security: capability: code style issue 2010-08-02 15:35:00 +10:00
commoncap.c security: whitespace coding style fixes 2010-04-23 10:10:23 +10:00
device_cgroup.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
inode.c securityfs: Drop dentry reference count when mknod fails 2010-08-02 15:34:59 +10:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
Makefile NOMMU: Optimise away the {dac_,}mmap_min_addr tests 2009-12-17 09:25:19 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c LSM: Remove unused arguments from security_path_truncate(). 2010-08-02 15:33:40 +10:00