linux/security
John Johansen 6380bd8ddf AppArmor: file enforcement routines
AppArmor does files enforcement via pathname matching.  Matching is done
at file open using a dfa match engine.  Permission is against the final
file object not parent directories, ie. the traversal of directories
as part of the file match is implicitly allowed.  In the case of nonexistant
files (creation) permissions are checked against the target file not the
directory.  eg. In case of creating the file /dir/new, permissions are
checked against the match /dir/new not against /dir/.

The permissions for matches are currently stored in the dfa accept table,
but this will change to allow for dfa reuse and also to allow for sharing
of wider accept states.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:35:14 +10:00
..
apparmor AppArmor: file enforcement routines 2010-08-02 15:35:14 +10:00
integrity/ima ima: use generic_file_llseek for securityfs 2010-08-02 15:34:58 +10:00
keys KEYS: Reinstate lost passing of process keyring ID in call_sbin_request_key() 2010-08-02 15:34:56 +10:00
selinux SELinux: Move execmod to the common perms 2010-08-02 15:35:09 +10:00
smack security: make LSMs explicitly mask off permissions 2010-08-02 15:35:07 +10:00
tomoyo TOMOYO: Update version to 2.3.0 2010-08-02 15:35:10 +10:00
capability.c Security: capability: code style issue 2010-08-02 15:35:00 +10:00
commoncap.c security: whitespace coding style fixes 2010-04-23 10:10:23 +10:00
device_cgroup.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
inode.c securityfs: Drop dentry reference count when mknod fails 2010-08-02 15:34:59 +10:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
Makefile NOMMU: Optimise away the {dac_,}mmap_min_addr tests 2009-12-17 09:25:19 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c LSM: Remove unused arguments from security_path_truncate(). 2010-08-02 15:33:40 +10:00