linux_old1/security/apparmor/include
John Johansen 58acf9d911 apparmor: fix module parameters can be changed after policy is locked
the policy_lock parameter is a one way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.

split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2016-07-12 08:43:10 -07:00
..
apparmor.h apparmor: add parameter to control whether policy hashing is used 2016-07-12 08:43:10 -07:00
apparmorfs.h apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
audit.h apparmor: remove parent task info from audit logging 2013-10-29 21:34:04 -07:00
capability.h apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
context.h apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
crypto.h apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
domain.h AppArmor: functions for domain transitions 2010-08-02 15:35:14 +10:00
file.h apparmor: constify aa_path_link() 2016-03-28 00:47:26 -04:00
ipc.h apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
match.h apparmor: add missing id bounds check on dfa verification 2016-07-12 08:43:10 -07:00
path.h [apparmor] constify struct path * in a bunch of helpers 2016-03-27 23:48:14 -04:00
policy.h apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
policy_unpack.h apparmor: allow setting any profile into the unconfined state 2013-08-14 11:42:07 -07:00
procattr.h apparmor: remove "permipc" command 2013-04-28 00:36:32 -07:00
resource.h AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27 11:38:19 -08:00
sid.h apparmor: remove sid from profiles 2013-04-28 00:37:13 -07:00