linux/security
Eric Paris 3f12070e27 SELinux: policy selectable handling of unknown classes and perms
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes.  The three choices for the
policy flags are

0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access

The policy's choice is exported through 2 booleans in
selinuxfs.  /selinux/deny_unknown and /selinux/reject_unknown.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2007-10-17 08:59:33 +10:00
..
keys mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
selinux SELinux: policy selectable handling of unknown classes and perms 2007-10-17 08:59:33 +10:00
Kconfig [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
capability.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
commoncap.c fix NULL pointer dereference in __vm_enough_memory() 2007-08-22 19:52:45 -07:00
dummy.c SELinux: Improve read/write performance 2007-10-17 08:59:31 +10:00
inode.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c security: unexport mmap_min_addr 2007-07-11 22:52:33 -04:00