| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
AA_BUG() uses WARN and won't break the kernel like BUG_ON().
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
| |
|
|
| |
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
| |
|
|
|
|
|
|
| |
Trying to update the task cred while the task current cred is not the
real cred will result in an error at the cred layer. Avoid this by
failing early and delaying the update.
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
| |
|
|
|
|
| |
Proxy is shorter and a better fit than replaceby, so rename it.
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
remove the use of replaced by chaining and move to profile invalidation
and lookup to handle task replacement.
Replacement chaining can result in large chains of profiles being pinned
in memory when one profile in the chain is use. With implicit labeling
this will be even more of a problem, so move to a direct lookup method.
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
| |
|
|
|
| |
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
| |
|
|
|
| |
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
|
| |
|
|
|
| |
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
|
|
|
AppArmor contexts attach profiles and state to tasks, files, etc. when
a direct profile reference is not sufficient.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
