linux/security
Aristeu Rozanski c39a2a3018 devcg: prepare may_access() for hierarchy support
Currently may_access() is only able to verify if an exception is valid for the
current cgroup, which has the same behavior. With hierarchy, it'll be also used
to verify if a cgroup local exception is valid towards its cgroup parent, which
might have different behavior.

v2:
- updated patch description
- rebased on top of a new patch to expand the may_access() logic to make it
  more clear
- fixed argument description order in may_access()

Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2013-03-20 07:50:13 -07:00
..
apparmor new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
integrity hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
keys KEYS: Revert one application of "Fix unreachable code" patch 2013-02-21 07:56:25 -08:00
selinux Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
smack new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
tomoyo new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
yama Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-12-17 15:44:47 -08:00
capability.c tun: fix LSM/SELinux labeling of tun/tap devices 2013-01-14 18:16:59 -05:00
commoncap.c kill f_vfsmnt 2013-02-26 02:46:10 -05:00
device_cgroup.c devcg: prepare may_access() for hierarchy support 2013-03-20 07:50:13 -07:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c tun: fix LSM/SELinux labeling of tun/tap devices 2013-01-14 18:16:59 -05:00