linux/security
John Johansen 9fcf78cca1 apparmor: update domain transitions that are subsets of confinement at nnp
Domain transition so far have been largely blocked by no new privs,
unless the transition has been provably a subset of the previous
confinement. There was a couple problems with the previous
implementations,

- transitions that weren't explicitly a stack but resulted in a subset
  of confinement were disallowed

- confinement subsets were only calculated from the previous
  confinement instead of the confinement being enforced at the time of
  no new privs, so transitions would have to get progressively
  tighter.

Fix this by detecting and storing a reference to the task's
confinement at the "time" no new privs is set. This reference is then
used to determine whether a transition is a subsystem of the
confinement at the time no new privs was set.

Unfortunately the implementation is less than ideal in that we have to
detect no new privs after the fact when a task attempts a domain
transition. This is adequate for the currently but will not work in a
stacking situation where no new privs could be conceivably be set in
both the "host" and in the container.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2018-02-09 11:30:01 -08:00
..
apparmor apparmor: update domain transitions that are subsets of confinement at nnp 2018-02-09 11:30:01 -08:00
integrity ima: do not update security.ima if appraisal status is not INTEGRITY_PASS 2017-11-20 08:23:10 +11:00
keys KEYS: reject NULL restriction string when type is specified 2017-12-08 15:13:29 +00:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux selinux/stable-4.15 PR 20171113 2017-11-15 13:32:56 -08:00
smack Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-11-13 10:30:44 -08:00
tomoyo Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-11-13 10:30:44 -08:00
yama doc: ReSTify Yama.txt 2017-05-18 10:33:04 -06:00
commoncap.c capabilities: fix buffer overread on very short xattr 2018-01-02 20:49:13 +11:00
device_cgroup.c device_cgroup: prepare code for bpf-based device controller 2017-11-05 23:26:51 +09:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig security/Kconfig: Correct the Documentation reference for PTI 2018-01-14 11:42:10 +01:00
lsm_audit.c lsm_audit: update my email address 2017-08-17 15:33:39 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: bpf: Add LSM hooks for bpf object related syscall 2017-10-20 13:32:59 +01:00