linux/security
Eric Paris b0c636b999 SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file.  The idea
is that opening a file and reading/writing to that file are not the same
thing.  Its different if a program had its stdout redirected to /tmp/output
than if the program tried to directly open /tmp/output. This should allow
policy writers to more liberally give read/write permissions across the
policy while still blocking many design and programing flaws SELinux is so
good at catching today.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:06 +10:00
..
keys Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
selinux SELinux: create new open permission 2008-04-18 20:26:06 +10:00
smack smackfs: remove redundant lock, fix open(,O_RDWR) 2008-03-24 19:22:19 -07:00
capability.c file capabilities: remove cap_task_kill() 2008-03-20 09:46:36 -07:00
commoncap.c file capabilities: remove cap_task_kill() 2008-03-20 09:46:36 -07:00
dummy.c LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: allow Kconfig to set default mmap_min_addr protection 2008-02-06 21:39:46 +08:00
Makefile Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
root_plug.c security: Convert LSM into a static interface 2007-10-17 08:43:07 -07:00
security.c LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00