diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 11:58:42 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:37 -0700 |
commit | 192ca6b55a866e838aee98d9cb6a0b5086467c03 (patch) | |
tree | eba93d671a1476432f357fa68e6842f548e2cb2f /security/apparmor/context.c | |
parent | apparmor: cleanup rename XXX_file_context() to XXX_file_ctx() (diff) | |
download | linux-dev-192ca6b55a866e838aee98d9cb6a0b5086467c03.tar.xz linux-dev-192ca6b55a866e838aee98d9cb6a0b5086467c03.zip |
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grand child unchecked.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/context.c')
0 files changed, 0 insertions, 0 deletions