提交 · bd5e50f9c1c71daac273fa586424f07205f6b13b · OpenHarmony / kernel_linux

10 4月, 2012 1 次提交
- E
  LSM: remove the COMMON_AUDIT_DATA_INIT type expansion · bd5e50f9
  由 Eric Paris 提交于 4月 04, 2012
```
Just open code it so grep on the source code works better.
Signed-off-by: NEric Paris <eparis@redhat.com>
```
  bd5e50f9
04 4月, 2012 1 次提交

LSM: shrink sizeof LSM specific portion of common_audit_data · 3b3b0e4f

由 Eric Paris 提交于 4月 03, 2012

Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

3b3b0e4f

28 2月, 2012 1 次提交

AppArmor: export known rlimit names/value mappings in securityfs · d384b0a1

由 Kees Cook 提交于 1月 26, 2012

Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.
Signed-off-by: NKees Cook <kees@ubuntu.com>
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>

d384b0a1

08 9月, 2010 1 次提交

AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes · 3a2dc838

由 John Johansen 提交于 9月 06, 2010

2.6.36 introduced the abilitiy to specify the task that is having its
rlimits set.  Update mediation to ensure that confined tasks can only
set their own group_leader as expected by current policy.

Add TODO note about extending policy to support setting other tasks
rlimits.
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

3a2dc838

02 8月, 2010 1 次提交

AppArmor: mediation of non file objects · 0ed3b28a

由 John Johansen 提交于 7月 29, 2010

ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests.  Improved mediation is a wip.

rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level.  Only resources specified in a profile are controled
or set.  AppArmor rules set the hard limit to a value <= to the current
hard limit (ie. they can not currently raise hard limits), and if
necessary will lower the soft limit to the new hard limit value.

AppArmor does not track resource limits to reset them when a profile
is left so that children processes inherit the limits set by the
parent even if they are not confined by the same profile.

Capabilities:  AppArmor provides a per profile mask of capabilities,
that will further restrict.
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

0ed3b28a

OpenHarmony / kernel_linux 上一次同步 4 年多

OpenHarmony / kernel_linux
上一次同步 4 年多