iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73f488cd90
linux/security/apparmor
History
John Johansen 73f488cd90 apparmor: convert attaching profiles via xattrs to use dfa matching 
This converts profile attachment based on xattrs to a fixed extended
conditional using dfa matching.

This has a couple of advantages
- pattern matching can be used for the xattr match

- xattrs can be optional for an attachment or marked as required

- the xattr attachment conditional will be able to be combined with
  other extended conditionals when the flexible extended conditional
  work lands.

The xattr fixed extended conditional is appended to the xmatch
conditional. If an xattr attachment is specified the profile xmatch
will be generated regardless of whether there is a pattern match on
the executable name.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2018-02-09 11:30:02 -08:00
..
include apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
.gitignore Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
apparmorfs.c apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
audit.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
capability.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
crypto.c apparmor: use SHASH_DESC_ON_STACK 2017-04-07 08:58:35 +10:00
domain.c apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
file.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
ipc.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
Kconfig apparmor: add debug assert AA_BUG and Kconfig to control debug info 2017-01-16 01:18:24 -08:00
label.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
lib.c apparmor: remove unused redundant variable stop 2017-11-21 02:17:13 -08:00
lsm.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
Makefile apparmor: move task related defines and fns to task.X files 2018-02-09 11:30:01 -08:00
match.c apparmor: dfa split verification of table headers 2018-02-09 11:30:02 -08:00
mount.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
policy_ns.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
policy_unpack.c apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
policy.c apparmor: convert attaching profiles via xattrs to use dfa matching 2018-02-09 11:30:02 -08:00
procattr.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
resource.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
secid.c apparmor: rename sid to secid 2017-01-16 00:42:17 -08:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: update domain transitions that are subsets of confinement at nnp 2018-02-09 11:30:01 -08:00