linux/security/apparmor/include
John Johansen 2d9da9b188 apparmor: allow restricting unprivileged change_profile
unprivileged unconfined can use change_profile to alter the confinement
set by the mac admin.

Allow restricting unprivileged unconfined by still allowing change_profile
but stacking the change against unconfined. This allows unconfined to
still apply system policy but allows the task to enter the new confinement.

If unprivileged unconfined is required a sysctl is provided to switch
to the previous behavior.

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2023-10-18 15:48:44 -07:00
..
apparmor.h apparmor: Fix undefined references to zstd_ symbols 2022-10-03 14:49:04 -07:00
apparmorfs.h apparmor: make export of raw binary profile to userspace optional 2022-07-09 15:13:59 -07:00
audit.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
capability.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
cred.h apparmor: Simplify obtain the newest label on a cred 2022-10-03 14:49:04 -07:00
crypto.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.h apparmor: extend permissions to support a label and tag string 2022-10-03 14:49:03 -07:00
file.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
ipc.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
label.h apparmor: refactor profile rules and attachments 2022-10-03 14:49:04 -07:00
lib.h apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
match.h apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
mount.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
net.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
path.h apparmor: allow label to carry debug flags 2022-07-19 02:55:45 -07:00
perms.h apparmor: combine common_audit_data and apparmor_audit_data 2023-10-18 15:30:29 -07:00
policy_compat.h apparmor: isolate policy backwards compatibility to its own file 2022-10-03 14:49:03 -07:00
policy_ns.h apparmor: remove unused functions in policy_ns.c/.h 2023-10-15 21:44:31 -07:00
policy_unpack.h + Features 2022-12-14 13:42:09 -08:00
policy.h apparmor: allow restricting unprivileged change_profile 2023-10-18 15:48:44 -07:00
procattr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
resource.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
secid.h apparmor: disable showing the mode as part of a secid to secctx 2022-07-13 17:18:29 -07:00
sig_names.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
task.h apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00