path: root/security/apparmor/include/apparmorfs.h
Commit message | Author | Age | Files | Lines
* apparmor: add per policy ns .load, .replace, .remove interface files | John Johansen | 2017-01-16 | 1 | -0/+6
  Having per policy ns interface files helps with containers restoring policy.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: allow introspecting the loaded policy pre internal transform | John Johansen | 2017-01-16 | 1 | -0/+5
  Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add special .null file used to "close" fds at exec | John Johansen | 2017-01-16 | 1 | -0/+2
  Borrow the special null device file from selinux to "close" fds that don't have sufficient permissions at exec time.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename namespace to ns to improve code line lengths | John Johansen | 2017-01-16 | 1 | -4/+4
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add the ability to report a sha1 hash of loaded policy | John Johansen | 2013-08-14 | 1 | -0/+1
  Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: add an optional profile attachment string for profiles | John Johansen | 2013-08-14 | 1 | -0/+1
  Add the ability to take in and report a human readable profile attachment string for profiles so that attachment specifications can be easily inspected.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: add interface files for profiles and namespaces | John Johansen | 2013-08-14 | 1 | -0/+38
  Add basic interface files to access namespace and profile information. The interface files are created when a profile is loaded and removed when the profile or namespace is removed.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: add "file" details to securityfs | Kees Cook | 2012-02-27 | 1 | -0/+6
  Create the "file" directory in the securityfs for tracking features related to files.
  Signed-off-by: Kees Cook <kees@ubuntu.com>
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: add initial "features" directory to securityfs | Kees Cook | 2012-02-27 | 1 | -0/+14
  This adds the "features" subdirectory to the AppArmor securityfs to display boolean features flags and the known capability mask.
  Signed-off-by: Kees Cook <kees@ubuntu.com>
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: refactor securityfs to use structures | Kees Cook | 2012-02-27 | 1 | -0/+24
  Use a file tree structure to represent the AppArmor securityfs.
  Signed-off-by: Kees Cook <kees@ubuntu.com>
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: userspace interfaces | John Johansen | 2010-08-02 | 1 | -0/+20
  The /proc/<pid>/attr/* interface is used for process introspection and commands. While the apparmorfs interface is used for global introspection and loading and removing policy.
  The interface currently only contains the files necessary for loading policy, and will be extended in the future to include sysfs style single per file introspection interface.
  The old AppArmor 2.4 interface files have been removed into a compatibility patch, that distros can use to maintain backwards compatibility.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Signed-off-by: James Morris <jmorris@namei.org>