diff options
author | John Johansen <john.johansen@canonical.com> | 2012-04-12 16:47:51 -0500 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-04-14 11:13:18 +1000 |
commit | c29bceb3967398cf2ac8bf8edf9634fdb722df7d (patch) | |
tree | 9feaa5a8b78812e48fa9b4e9b8b939f06390bee8 /net/compat.c | |
parent | 259e5e6c75a910f3b5e656151dc602f53f9d7548 (diff) | |
download | linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.tar.gz linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.tar.bz2 linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.zip |
Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS
Add support for AppArmor to explicitly fail requested domain transitions
if NO_NEW_PRIVS is set and the task is not unconfined.
Transitions from unconfined are still allowed because this always results
in a reduction of privileges.
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
v18: new acked-by, new description
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'net/compat.c')
0 files changed, 0 insertions, 0 deletions