linux_dsm_epyc7002/security/apparmor/include
Micah Morton c1a85a00ea LSM: generalize flag passing to security_capable
This patch provides a general mechanism for passing flags to the
security_capable LSM hook. It replaces the specific 'audit' flag that is
used to tell security_capable whether it should log an audit message for
the given capability check. The reason for generalizing this flag
passing is so we can add an additional flag that signifies whether
security_capable is being called by a setid syscall (which is needed by
the proposed SafeSetID LSM).

Signed-off-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
2019-01-10 14:16:06 -08:00
..
apparmor.h apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
apparmorfs.h apparmor: add policy revision file interface 2017-06-10 17:11:27 -07:00
audit.h apparmor: Add support for audit rule filtering 2018-06-07 01:50:47 -07:00
capability.h LSM: generalize flag passing to security_capable 2019-01-10 14:16:06 -08:00
cred.h Infrastructure management of the cred security blob 2019-01-08 13:18:44 -08:00
crypto.h apparmor: allow introspecting the loaded policy pre internal transform 2017-01-16 01:18:42 -08:00
domain.h + Features 2017-09-23 05:33:29 -10:00
file.h LSM: Infrastructure management of the file security 2019-01-08 13:18:44 -08:00
ipc.h apparmor: add the ability to mediate signals 2017-09-22 13:00:57 -07:00
label.h apparmor: add support for mapping secids and using secctxes 2018-05-02 00:48:55 -07:00
lib.h Infrastructure management of the cred security blob 2019-01-08 13:18:44 -08:00
match.h apparmor: improve overlapping domain attachment resolution 2018-02-09 11:30:02 -08:00
mount.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
net.h apparmor: Parse secmark policy 2018-10-03 06:18:38 -07:00
path.h apparmor: improve get_buffers macro by using get_cpu_ptr 2018-06-07 01:49:21 -07:00
perms.h apparmor: Check buffer bounds when mapping permissions mask 2018-07-19 16:24:43 -07:00
policy_ns.h apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
policy_unpack.h apparmor: split load data into management struct and data blob 2018-02-09 11:30:00 -08:00
policy.h apparmor: Parse secmark policy 2018-10-03 06:18:38 -07:00
procattr.h apparmor: switch getprocattr to using label_print fns() 2017-06-10 17:11:39 -07:00
resource.h apparmor: move resource checks to using labels 2017-06-10 17:11:40 -07:00
secid.h apparmor: Add a wildcard secid 2018-10-03 06:18:17 -07:00
sig_names.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
task.h LSM: Infrastructure management of the task security 2019-01-08 13:18:45 -08:00