]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a9eb185) | patch
apparmor: add ability to mediate caps with policy state machine
authorJohn Johansen <john.johansen@canonical.com>
Thu, 4 Jan 2024 17:00:49 +0000 (09:00 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 18 Jan 2025 14:47:12 +0000 (06:47 -0800)
commitce9e3b3fa25a239f5c80989a1d05719bb2793fd4
treee106773b410868003b789eee891707c3bc2edd3dtree
parenta9eb185be84e998aa9a99c7760534ccc06216705commit | diff
apparmor: add ability to mediate caps with policy state machine

Currently the caps encoding is very limited and can't be used with
conditionals. Allow capabilities to be mediated by the state
machine. This will allow us to add conditionals to capabilities that
aren't possible with the current encoding.

This patch only adds support for using the state machine and retains
the old encoding lookup as part of the runtime mediation code to
support older policy abis. A follow on patch will move backwards
compatibility to a mapping function done at policy load time.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/capability.c diff | blob | blame | history
security/apparmor/include/capability.h diff | blob | blame | history
security/apparmor/lsm.c diff | blob | blame | history
A mirror of Linus' kernel repository