1. 23 Oct, 2015 1 commit
  2. 22 Oct, 2015 2 commits
  3. 21 Oct, 2015 15 commits
  4. 20 Oct, 2015 2 commits
  5. 19 Oct, 2015 1 commit
    • Zbigniew Jasinski's avatar
      Smack: limited capability for changing process label · 38416e53
      Zbigniew Jasinski authored
      This feature introduces new kernel interface:
      
      - <smack_fs>/relabel-self - for setting transition labels list
      
      This list is used to control smack label transition mechanism.
      List is set by, and per process. Process can transit to new label only if
      label is on the list. Only process with CAP_MAC_ADMIN capability can add
      labels to this list. With this list, process can change it's label without
      CAP_MAC_ADMIN but only once. After label changing, list is unset.
      
      Changes in v2:
      * use list_for_each_entry instead of _rcu during label write
      * added missing description in security/Smack.txt
      
      Changes in v3:
      * squashed into one commit
      
      Changes in v4:
      * switch from global list to per-task list
      * since the per-task list is accessed only by the task itself
        there is no need to use synchronization mechanisms on it
      
      Changes in v5:
      * change smackfs interface of relabel-self to the one used for onlycap
        multiple labels are accepted, separated by space, which
        replace the previous list upon write
      Signed-off-by: default avatarZbigniew Jasinski <z.jasinski@samsung.com>
      Signed-off-by: default avatarRafal Krypa <r.krypa@samsung.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      38416e53
  6. 18 Oct, 2015 18 commits
  7. 09 Oct, 2015 1 commit