Searched hist:e3ea1ca5 (Results 1 – 2 of 2) sorted by relevance
/openbmc/linux/security/apparmor/ |
H A D | policy.c | e3ea1ca5 Wed Mar 16 19:19:10 CDT 2016 Tyler Hicks <tyhicks@canonical.com> apparmor: sysctl to enable unprivileged user ns AppArmor policy loading
If this sysctl is set to non-zero and a process with CAP_MAC_ADMIN in the root namespace has created an AppArmor policy namespace, unprivileged processes will be able to change to a profile in the newly created AppArmor policy namespace and, if the profile allows CAP_MAC_ADMIN and appropriate file permissions, will be able to load policy in the respective policy namespace.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
H A D | lsm.c | e3ea1ca5 Wed Mar 16 19:19:10 CDT 2016 Tyler Hicks <tyhicks@canonical.com> apparmor: sysctl to enable unprivileged user ns AppArmor policy loading
If this sysctl is set to non-zero and a process with CAP_MAC_ADMIN in the root namespace has created an AppArmor policy namespace, unprivileged processes will be able to change to a profile in the newly created AppArmor policy namespace and, if the profile allows CAP_MAC_ADMIN and appropriate file permissions, will be able to load policy in the respective policy namespace.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|