1. 02 8月, 2010 2 次提交
    • J
      AppArmor: fix build warnings for non-const use of get_task_cred · 77c80e6b
      James Morris 提交于
      Fix build warnings for non-const use of get_task_cred.
      Signed-off-by: NJames Morris <jmorris@namei.org>
      77c80e6b
    • J
      AppArmor: functions for domain transitions · 898127c3
      John Johansen 提交于
      AppArmor routines for controling domain transitions, which can occur at
      exec or through self directed change_profile/change_hat calls.
      
      Unconfined tasks are checked at exec against the profiles in the confining
      profile namespace to determine if a profile should be attached to the task.
      
      Confined tasks execs are controlled by the profile which provides rules
      determining which execs are allowed and if so which profiles should be
      transitioned to.
      
      Self directed domain transitions allow a task to request transition
      to a given profile.  If the transition is allowed then the profile will
      be applied, either immeditately or at exec time depending on the request.
      Immeditate self directed transitions have several security limitations
      but have uses in setting up stub transition profiles and other limited
      cases.
      Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      898127c3