apparmor: sysctl to enable unprivileged user ns AppArmor policy loading
author Tyler Hicks <tyhicks@canonical.com>
Thu, 17 Mar 2016 00:19:10 +0000 (19:19 -0500)
committer John Johansen <john.johansen@canonical.com>
Mon, 16 Jan 2017 09:18:52 +0000 (01:18 -0800)
commit e3ea1ca59adaefa31935a6f8f06a9168ea0e57d2
tree 9ad612c96bb48331ed9203a3fe0ed4f3c6792002
parent e025be0f26d5597b0a2bdfa65145a0171e77b614
apparmor: sysctl to enable unprivileged user ns AppArmor policy loading

If this sysctl is set to non-zero and a process with CAP_MAC_ADMIN in
the root namespace has created an AppArmor policy namespace,
unprivileged processes will be able to change to a profile in the
newly created AppArmor policy namespace and, if the profile allows
CAP_MAC_ADMIN and appropriate file permissions, will be able to load
policy in the respective policy namespace.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/lsm.c
security/apparmor/policy.c