提交 · 3cfcc19e0b5390c04cb5bfa4e8fde39395410e61 · openeuler / Kernel

28 4月, 2013 1 次提交
- J
  apparmor: add utility function to get an arbitrary tasks profile. · 3cfcc19e
  由 John Johansen 提交于 2月 18, 2013
```
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
Acked-by: NSteve Beattie <sbeattie@ubuntu.com>
```
  3cfcc19e
10 4月, 2012 2 次提交

LSM: do not initialize common_audit_data to 0 · 50c205f5

由 Eric Paris 提交于 4月 04, 2012

It isn't needed. If you don't set the type of the data associated with
that type it is a pretty obvious programming bug. So why waste the cycles?
Signed-off-by: NEric Paris <eparis@redhat.com>

50c205f5

E
LSM: remove the COMMON_AUDIT_DATA_INIT type expansion · bd5e50f9
由 Eric Paris 提交于 4月 04, 2012
```
Just open code it so grep on the source code works better.
Signed-off-by: NEric Paris <eparis@redhat.com>
```
bd5e50f9

04 4月, 2012 1 次提交

LSM: shrink sizeof LSM specific portion of common_audit_data · 3b3b0e4f

由 Eric Paris 提交于 4月 03, 2012

Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

3b3b0e4f

10 9月, 2011 1 次提交

apparmor: sparse fix: include ipc.h · 33f8bf58

由 James Morris 提交于 8月 29, 2011

Include ipc.h to eliminate sparse warnings.

security/apparmor/ipc.c:61:5: warning: symbol 'aa_may_ptrace' was not declared. Should it be static?
security/apparmor/ipc.c:83:5: warning: symbol 'aa_ptrace' was not declared. Should it be static
Signed-off-by: NJames Morris <jmorris@namei.org>
Acked-by: NJohn Johansen <john.johansen@canonical.com>

33f8bf58

02 8月, 2010 2 次提交

J
AppArmor: fix build warnings for non-const use of get_task_cred · 77c80e6b
由 James Morris 提交于 8月 02, 2010
```
Fix build warnings for non-const use of get_task_cred.
Signed-off-by: NJames Morris <jmorris@namei.org>
```
77c80e6b

AppArmor: mediation of non file objects · 0ed3b28a

由 John Johansen 提交于 7月 29, 2010

ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests.  Improved mediation is a wip.

rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level.  Only resources specified in a profile are controled
or set.  AppArmor rules set the hard limit to a value <= to the current
hard limit (ie. they can not currently raise hard limits), and if
necessary will lower the soft limit to the new hard limit value.

AppArmor does not track resource limits to reset them when a profile
is left so that children processes inherit the limits set by the
parent even if they are not confined by the same profile.

Capabilities:  AppArmor provides a per profile mask of capabilities,
that will further restrict.
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

0ed3b28a

openeuler / Kernel 1 年多 前同步成功

openeuler / Kernel
1 年多前同步成功