summaryrefslogtreecommitdiffstats
path: root/security
Commit message (Expand)AuthorAgeFilesLines
...
| * | | | apparmor: add per cpu work buffers to avoid allocating buffers at every hookJohn Johansen2017-01-162-1/+103
| * | | | apparmor: sysctl to enable unprivileged user ns AppArmor policy loadingTyler Hicks2017-01-162-1/+47
| * | | | apparmor: support querying extended trusted helper extra dataWilliam Hua2017-01-165-0/+245
| * | | | apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen2017-01-161-6/+10
| * | | | apparmor: make computing policy hashes conditional on kernel parameterJohn Johansen2017-01-162-29/+32
| * | | | apparmor: convert change_profile to use fqname later to give better controlJohn Johansen2017-01-165-66/+28
| * | | | apparmor: fix change_hat debug outputJohn Johansen2017-01-161-4/+5
| * | | | apparmor: remove unused op parameter from simple_write_to_buffer()John Johansen2017-01-161-6/+3
| * | | | apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen2017-01-1612-161/+155
| * | | | apparmor: change op from int to const char *John Johansen2017-01-1610-134/+84
| * | | | apparmor: rename context abreviation cxt to the more standard ctxJohn Johansen2017-01-165-144/+150
| * | | | apparmor: fail task profile update if current_cred isn't real_credJohn Johansen2017-01-161-0/+3
| * | | | apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2017-01-162-22/+130
| * | | | apparmor: pass the subject profile into profile replace/removeJohn Johansen2017-01-163-16/+21
| * | | | apparmor: audit policy ns specified in policy loadJohn Johansen2017-01-163-24/+77
| * | | | apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen2017-01-168-58/+278
| * | | | apparmor: add ns name to the audit data for policy loadsJohn Johansen2017-01-162-10/+25
| * | | | apparmor: add profile and ns params to aa_may_manage_policy()John Johansen2017-01-163-14/+12
| * | | | apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen2017-01-163-10/+16
| * | | | apparmor: add ns being viewed as a param to policy_view_capable()John Johansen2017-01-164-8/+35
| * | | | apparmor: allow specifying the profile doing the managementJohn Johansen2017-01-161-11/+21
| * | | | apparmor: allow introspecting the policy namespace nameJohn Johansen2017-01-161-0/+24
| * | | | apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen2017-01-163-5/+7
| * | | | apparmor: track ns level so it can be used to help in view checksJohn Johansen2017-01-161-0/+1
| * | | | apparmor: add special .null file used to "close" fds at execJohn Johansen2017-01-163-1/+81
| * | | | apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen2017-01-161-0/+1
| * | | | apparmor: add a default null dfaJohn Johansen2017-01-166-2/+46
| * | | | apparmor: allow policydb to be used as the file dfaJohn Johansen2017-01-161-4/+8
| * | | | apparmor: add get_dfa() fnJohn Johansen2017-01-161-0/+15
| * | | | apparmor: prepare to support newer versions of policyJohn Johansen2017-01-162-10/+25
| * | | | apparmor: add support for force complain flag to support learning modeJohn Johansen2017-01-161-1/+3
| * | | | apparmor: remove paranoid load switchJohn Johansen2017-01-162-16/+10
| * | | | apparmor: name null-XXX profiles after the executableJohn Johansen2017-01-163-17/+47
| * | | | apparmor: pass gfp_t parameter into profile allocationJohn Johansen2017-01-164-8/+9
| * | | | apparmor: refactor prepare_ns() and make usable from different viewsJohn Johansen2017-01-165-38/+79
| * | | | apparmor: update policy_destroy to use new debug assertsJohn Johansen2017-01-161-9/+2
| * | | | apparmor: pass gfp param into aa_policy_init()John Johansen2017-01-164-7/+7
| * | | | apparmor: constify policy name and hnameJohn Johansen2017-01-163-4/+4
| * | | | apparmor: rename hname_tail to basenameJohn Johansen2017-01-163-4/+4
| * | | | apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2017-01-162-8/+8
| * | | | apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen2017-01-163-4/+43
| * | | | apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen2017-01-161-0/+11
| * | | | apparmor: allow ns visibility question to consider subnsesJohn Johansen2017-01-164-8/+14
| * | | | apparmor: add fn to lookup profiles by fqnameJohn Johansen2017-01-164-7/+38
| * | | | apparmor: add lib fn to find the "split" for fqnamesJohn Johansen2017-01-162-0/+55
| * | | | apparmor: add strn version of aa_find_nsJohn Johansen2017-01-162-6/+29
| * | | | apparmor: add strn version of lookup_profile fnJohn Johansen2017-01-162-11/+27
| * | | | apparmor: rename replacedby to proxyJohn Johansen2017-01-165-65/+65
| * | | | apparmor: rename PFLAG_INVALID to PFLAG_STALEJohn Johansen2017-01-163-5/+5
| * | | | apparmor: rename sid to secidJohn Johansen2017-01-164-65/+65