linux/security/selinux
Stephen Smalley 8e4ff6f228 selinux: distinguish non-init user namespace capability checks
Distinguish capability checks against a target associated
with the init user namespace versus capability checks against
a target associated with a non-init user namespace by defining
and using separate security classes for the latter.

This is needed to support e.g. Chrome usage of user namespaces
for the Chrome sandbox without needing to allow Chrome to also
exercise capabilities on targets in the init user namespace.

Suggested-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-04-26 15:41:43 -04:00
| Name | Last commit | Date |
|---|---|---|
| include | selinux: distinguish non-init user namespace capability checks | 2016-04-26 15:41:43 -04:00 |
| ss | selinux: Change bool variable name to index. | 2016-04-14 11:24:50 -04:00 |
| .gitignore | SELinux: add .gitignore files for dynamic classes | 2009-10-24 09:42:27 +08:00 |
| avc.c | Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next | 2015-08-15 13:29:57 +10:00 |
| exports.c | selinux: sparse fix: include selinux.h in exports.c | 2011-09-09 16:56:32 -07:00 |
| hooks.c | selinux: distinguish non-init user namespace capability checks | 2016-04-26 15:41:43 -04:00 |
| Kconfig | selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default | 2015-10-21 17:44:25 -04:00 |
| Makefile | selinux: use absolute path to include directory | 2016-01-28 10:37:15 -05:00 |
| netif.c | Merge commit 'v3.17' into next | 2014-11-19 21:32:12 +11:00 |
| netlabel.c | net: add skb_to_full_sk() helper and use it in selinux_netlbl_skbuff_setsid() | 2015-11-08 20:56:38 -05:00 |
| netlink.c | selinux: replace obsolete NLMSG_* with type safe nlmsg_* | 2013-03-28 14:25:49 -04:00 |
| netnode.c | selinux: remove unused variabled in the netport, netnode, and netif caches | 2014-08-07 20:55:30 -04:00 |
| netport.c | selinux: remove unused variabled in the netport, netnode, and netif caches | 2014-08-07 20:55:30 -04:00 |
| nlmsgtab.c | selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables | 2016-02-09 04:55:05 -05:00 |
| selinuxfs.c | wrappers for ->i_mutex access | 2016-01-22 18:04:28 -05:00 |
| xfrm.c | netfilter: Remove spurios included of netfilter.h | 2015-06-18 21:14:32 +02:00 |