mirror of
https://github.com/torvalds/linux.git
synced 2024-11-29 23:51:37 +00:00
b0c636b999
Adds a new open permission inside SELinux when 'opening' a file. The idea is that opening a file and reading/writing to that file are not the same thing. Its different if a program had its stdout redirected to /tmp/output than if the program tried to directly open /tmp/output. This should allow policy writers to more liberally give read/write permissions across the policy while still blocking many design and programing flaws SELinux is so good at catching today. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| avtab.c | ||
| avtab.h | ||
| conditional.c | ||
| conditional.h | ||
| constraint.h | ||
| context.h | ||
| ebitmap.c | ||
| ebitmap.h | ||
| hashtab.c | ||
| hashtab.h | ||
| Makefile | ||
| mls_types.h | ||
| mls.c | ||
| mls.h | ||
| policydb.c | ||
| policydb.h | ||
| services.c | ||
| services.h | ||
| sidtab.c | ||
| sidtab.h | ||
| symtab.c | ||
| symtab.h | ||