leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5c73fceb8c
linux/security
History
Stephen Smalley 5c73fceb8c SELinux: Enable setting security contexts on rootfs inodes. 
rootfs (ramfs) can support setting of security contexts
by userspace due to the vfs fallback behavior of calling
the security module to set the in-core inode state
for security.* attributes when the filesystem does not
provide an xattr handler.  No xattr handler required
as the inodes are pinned in memory and have no backing
store.

This is useful in allowing early userspace to label individual
files within a rootfs while still providing a policy-defined
default via genfs.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2013-07-25 13:02:37 -04:00
..
apparmor new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
integrity ima: eliminate passing d_name.name to process_measurement() 2013-04-17 17:20:57 -07:00
keys aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
selinux SELinux: Enable setting security contexts on rootfs inodes. 2013-07-25 13:02:37 -04:00
smack Smack: include magic.h in smackfs.c 2013-04-03 13:13:51 +11:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c lsm: split the xfrm_state_alloc_security() hook implementation 2013-07-25 13:01:25 -04:00
commoncap.c kill f_vfsmnt 2013-02-26 02:46:10 -05:00
device_cgroup.c devcg: remove parent_cgroup. 2013-04-18 11:34:35 -07:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c lsm: split the xfrm_state_alloc_security() hook implementation 2013-07-25 13:01:25 -04:00