diff options
| author |   John Johansen <john.johansen@canonical.com> | 2017-08-06 05:39:08 -0700 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2017-09-22 13:00:58 -0700 |
| commit | 26b7899510ae243e392960704ebdba52d05fbb13 (patch) | |
| tree | 1a83d9bf79e3d404f7f5a9f8d7b203396432beec /security/apparmor/include | |
| parent | apparmor: cleanup conditional check for label in label_print (diff) | |
| download | linux-dev-26b7899510ae243e392960704ebdba52d05fbb13.tar.xz linux-dev-26b7899510ae243e392960704ebdba52d05fbb13.zip | |
apparmor: add support for absolute root view based labels
With apparmor policy virtualization based on policy namespace View's
we don't generally want/need absolute root based views, however there
are cases like debugging and some secid based conversions where
using a root based view is important.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/include')
| -rw-r--r-- | security/apparmor/include/label.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/include/label.h b/security/apparmor/include/label.h index 9a283b722755..af22dcbbcb8a 100644 --- a/security/apparmor/include/label.h +++ b/security/apparmor/include/label.h @@ -310,6 +310,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp); #define FLAG_SHOW_MODE 1 #define FLAG_VIEW_SUBNS 2 #define FLAG_HIDDEN_UNCONFINED 4 +#define FLAG_ABS_ROOT 8 int aa_label_snxprint(char *str, size_t size, struct aa_ns *view, struct aa_label *label, int flags); int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, |