diff options
author | John Johansen | 2012-04-12 23:47:51 +0200 |
---|---|---|
committer | James Morris | 2012-04-14 03:13:18 +0200 |
commit | c29bceb3967398cf2ac8bf8edf9634fdb722df7d (patch) | |
tree | 9feaa5a8b78812e48fa9b4e9b8b939f06390bee8 /kernel | |
parent | Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (diff) | |
download | kernel-qcow2-linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.tar.gz kernel-qcow2-linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.tar.xz kernel-qcow2-linux-c29bceb3967398cf2ac8bf8edf9634fdb722df7d.zip |
Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS
Add support for AppArmor to explicitly fail requested domain transitions
if NO_NEW_PRIVS is set and the task is not unconfined.
Transitions from unconfined are still allowed because this always results
in a reduction of privileges.
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
v18: new acked-by, new description
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions