capabilities: introduce security_capable_noaudit - openslx/kernel-qcow2-linux.git

diff options

author	Eric Paris	2012-01-03 18:25:15 +0100
committer	Eric Paris	2012-01-06 00:52:54 +0100
commit	c7eba4a97563fd8b431787f7ad623444f2da80c6 (patch)
tree	12041949c45c2f394d6a96041c39e07ad6df720b /kernel/capability.c
parent	capabilities: reverse arguments to security_capable (diff)
download	kernel-qcow2-linux-c7eba4a97563fd8b431787f7ad623444f2da80c6.tar.gz kernel-qcow2-linux-c7eba4a97563fd8b431787f7ad623444f2da80c6.tar.xz kernel-qcow2-linux-c7eba4a97563fd8b431787f7ad623444f2da80c6.zip

capabilities: introduce security_capable_noaudit

Exactly like security_capable except don't audit any denials. This is for places where the kernel may make decisions about what to do if a task has a given capability, but which failing that capability is not a sign of a security policy violation. An example is checking if a task has CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer. This check is not a security violation if it is denied. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>

Diffstat (limited to 'kernel/capability.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: