linux/security
David Howells 1bfdc75ae0 CRED: Add a kernel_service object class to SELinux
Add a 'kernel_service' object class to SELinux and give this object class two
access vectors: 'use_as_override' and 'create_files_as'.

The first vector is used to grant a process the right to nominate an alternate
process security ID for the kernel to use as an override for the SELinux
subjective security when accessing stuff on behalf of another process.

For example, CacheFiles when accessing the cache on behalf on a process
accessing an NFS file needs to use a subjective security ID appropriate to the
cache rather then the one the calling process is using.  The cachefilesd
daemon will nominate the security ID to be used.

The second vector is used to grant a process the right to nominate a file
creation label for a kernel service to use.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 10:39:27 +11:00
..
keys CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
selinux CRED: Add a kernel_service object class to SELinux 2008-11-14 10:39:27 +11:00
smack CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
capability.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
commoncap.c CRED: Prettify commoncap.c 2008-11-14 10:39:24 +11:00
device_cgroup.c devcgroup: remove spin_lock() 2008-10-20 08:52:38 -07:00
inode.c integrity: special fs magic 2008-10-13 09:47:43 +11:00
Kconfig securityfs: do not depend on CONFIG_SECURITY 2008-08-28 10:47:42 +10:00
Makefile securityfs: do not depend on CONFIG_SECURITY 2008-08-28 10:47:42 +10:00
root_plug.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
security.c CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00