git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Wed, 7 Mar 2018 22:39:43 +0000 (14:39 -0800)
committer	Seth Forshee <seth.forshee@canonical.com>
	Tue, 10 Apr 2018 18:06:12 +0000 (13:06 -0500)
commit	54f4b36b78483ca9283d8c8b17d1348cbe16e318
tree	4c2f179bf8ddca02f2703d057b03d2f016743243	tree
parent	7a90fc39af684a1e75da45a0337d330baf8a7596	commit \| diff

UBUNTU: SAUCE: LSM stacking: LSM: General stacking

BugLink: http://bugs.launchpad.net/bugs/1763062
Leverage the infrastructure management of the security blobs
to allow stacking of security modules in all but the most
extreme case. Security modules are informed of the location
of their data within the blobs at module initialization.

Stacking is optional. If stacking is not configured the old
limit of one "major" security module applies. If stacking is
configured TOMOYO can be configured with an of the other
modules. SELinux, Smack and AppArmor use (or in the AppArmor
case, threaten to use) secids, which are not (yet) shareable.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Documentation/admin-guide/LSM/index.rst		diff \| blob \| blame \| history
include/linux/lsm_hooks.h		diff \| blob \| blame \| history
security/Kconfig		diff \| blob \| blame \| history
security/apparmor/include/context.h		diff \| blob \| blame \| history
security/apparmor/lsm.c		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history
security/selinux/hooks.c		diff \| blob \| blame \| history
security/selinux/include/objsec.h		diff \| blob \| blame \| history
security/smack/smack.h		diff \| blob \| blame \| history
security/smack/smack_lsm.c		diff \| blob \| blame \| history
security/tomoyo/common.h		diff \| blob \| blame \| history
security/tomoyo/tomoyo.c		diff \| blob \| blame \| history