author: John Johansen, 2012-04-12 23:47:51 +0200
committer: James Morris, 2012-04-14 03:13:18 +0200
commit: c29bceb3967398cf2ac8bf8edf9634fdb722df7d
tree: 9feaa5a8b78812e48fa9b4e9b8b939f06390bee8 /kernel
parent: Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS

Add support for AppArmor to explicitly fail requested domain transitions if NO_NEW_PRIVS is set and the task is not unconfined.

Transitions from unconfined are still allowed because this always results in a reduction of privileges.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>

v18: new acked-by, new description

Signed-off-by: James Morris <james.l.morris@oracle.com>

Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions