redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/security
History
Casey Schaufler 1880eff77e Smack: onlycap limits on CAP_MAC_ADMIN 
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.

This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2012-07-13 15:49:23 -07:00
..
apparmor split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31 13:11:54 -04:00
integrity ima: audit is compiled only when enabled 2012-07-05 16:43:59 -04:00
keys Merge commit 'v3.5-rc2' into next 2012-06-10 22:52:10 +10:00
selinux split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31 13:11:54 -04:00
smack Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
tomoyo Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next 2012-05-22 11:21:06 +10:00
yama Yama: replace capable() with ns_capable() 2012-05-15 10:27:57 +10:00
capability.c split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31 13:11:54 -04:00
commoncap.c split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31 13:11:54 -04:00
device_cgroup.c cgroup: convert all non-memcg controllers to the new cftype interface 2012-04-01 12:09:55 -07:00
inode.c
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c
security.c security: Fix nommu build. 2012-07-02 23:56:04 +10:00