Smack: onlycap limits on CAP_MAC_ADMIN - linux-dev - Linux kernel development work

diff options

author	Casey Schaufler <casey@schaufler-ca.com>	2012-06-05 15:28:30 -0700
committer	Casey Schaufler <casey@schaufler-ca.com>	2012-07-13 15:49:23 -0700
commit	1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e (patch)
tree	fc4b9a2ca7c643a30cbe2260886fdbd969bf2b50 /lib/mpi/mpi-bit.c
parent	Smack: fix smack_new_inode bogosities (diff)
download	linux-dev-1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e.tar.xz linux-dev-1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e.zip

Smack: onlycap limits on CAP_MAC_ADMIN

Smack is integrated with the POSIX capabilities scheme, using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to determine if a process is allowed to ignore Smack checks or change Smack related data respectively. Smack provides an additional restriction that if an onlycap value is set by writing to /smack/onlycap only tasks with that Smack label are allowed to use CAP_MAC_OVERRIDE. This change adds CAP_MAC_ADMIN as a capability that is affected by the onlycap mechanism. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Diffstat (limited to 'lib/mpi/mpi-bit.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: