summaryrefslogtreecommitdiffstats
path: root/security/apparmor/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* apparmor: switch from profiles to using labels on contextsJohn Johansen2017-06-101-1/+1
| | | | | | | | Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename apparmor file fns and data to indicate useJohn Johansen2017-06-081-3/+3
| | | | | | | | | | | | | prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
* security/apparmor: Use POSIX-compatible "printf '%s'"Thomas Schneider2017-06-081-2/+2
| | | | | | | | When using a strictly POSIX-compliant shell, "-n #define ..." gets written into the file. Use "printf '%s'" to avoid this. Signed-off-by: Thomas Schneider <qsx@qsx.re> Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename sid to secidJohn Johansen2017-01-161-1/+1
| | | | | | Move to common terminology with other LSMs and kernel infrastucture Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: split apparmor policy namespaces code into its own fileJohn Johansen2017-01-161-1/+1
| | | | | | | Policy namespaces will be diverging from profile management and expanding so put it in its own file. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add the ability to report a sha1 hash of loaded policyJohn Johansen2013-08-141-0/+1
| | | | | | | | | Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: export set of capabilities supported by the apparmor moduleJohn Johansen2013-08-141-1/+5
| | | | | | Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40John Johansen2012-10-171-1/+1
| | | | | | | | | | | | | | | The capability defines have moved causing the auto generated names of capabilities that apparmor uses in logging to be incorrect. Fix the autogenerated table source to uapi/linux/capability.h Reported-by: YanHong <clouds.yan@gmail.com> Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl> Analyzed-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* UAPI: (Scripted) Disintegrate include/asm-genericDavid Howells2012-10-041-1/+1
| | | | | | | | | Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
* AppArmor: Fix location of const qualifier on generated string tablesTetsuo Handa2012-03-191-2/+2
| | | | | Signed-off-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: Add const qualifiers to generated string tablesJohn Johansen2012-03-141-2/+3
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: export known rlimit names/value mappings in securityfsKees Cook2012-02-271-6/+18
| | | | | | | | | Since the parser needs to know which rlimits are known to the kernel, export the list via a mask file in the "rlimit" subdirectory in the securityfs "features" directory. Signed-off-by: Kees Cook <kees@ubuntu.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: cleanup generated files correctlyMichal Hocko2011-03-081-1/+1
| | | | | | | clean-files should be defined as a variable not a target. Signed-off-by: Michal Hocko <mhocko@suse.cz> Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: Cleanup make file to remove cruft and make it easier to readJohn Johansen2011-03-051-5/+33
| | | | | | | | | | | | | Cleanups based on comments from Sam Ravnborg, * remove references to the currently unused af_names.h * add rlim_names.h to clean-files: * rework cmd_make-XXX to make them more readable by adding comments, reworking the expressions to put logical components on individual lines, and keep lines < 80 characters. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Sam Ravnborg <sam@ravnborg.org>
* AppArmor: Enable configuring and building of the AppArmor security moduleJohn Johansen2010-08-021-0/+24
Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>