remarkable-linux/security
Stephen Smalley 8e4ff6f228 selinux: distinguish non-init user namespace capability checks
Distinguish capability checks against a target associated
with the init user namespace versus capability checks against
a target associated with a non-init user namespace by defining
and using separate security classes for the latter.

This is needed to support e.g. Chrome usage of user namespaces
for the Chrome sandbox without needing to allow Chrome to also
exercise capabilities on targets in the init user namespace.

Suggested-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-04-26 15:41:43 -04:00
apparmor apparmor: clarify CRYPTO dependency 2015-10-22 11:11:28 +11:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-03-17 11:33:45 -07:00
keys Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-03-17 11:33:45 -07:00
selinux selinux: distinguish non-init user namespace capability checks 2016-04-26 15:41:43 -04:00
smack smack: fix cache of access labels 2016-02-16 09:56:35 -08:00
tomoyo mm/gup: Introduce get_user_pages_remote() 2016-02-16 10:04:09 +01:00
yama security: let security modules use PTRACE_MODE_* with bitmasks 2016-01-20 17:09:18 -08:00
commoncap.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-01-20 17:09:18 -08:00
device_cgroup.c
inode.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
Kconfig
lsm_audit.c
Makefile
min_addr.c
security.c module: replace copy_module_from_fd with kernel version 2016-02-21 09:06:12 -05:00