path: root/security/apparmor/include/policy_unpack.h
Commit message | Author | Age | Files | Lines
* apparmor: split load data into management struct and data blob | John Johansen | 2018-02-09 | 1 | -1/+1
  Splitting the management struct from the actual data blob will allow us in the future to do some sharing and other data reduction techniques like replacing the raw data with compressed data.
  Prepare for this by separating the management struct from the data blob.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: move to per loaddata files, instead of replicating in profiles | John Johansen | 2017-06-08 | 1 | -4/+64
  The loaddata sets cover more than just a single profile and should be tracked at the ns level. Move the load data files under the namespace and reference the files from the profiles via a symlink.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
  Reviewed-by: Kees Cook <keescook@chromium.org>
* apparmor: audit policy ns specified in policy load | John Johansen | 2017-01-16 | 1 | -0/+1
  Verify that profiles in a load set specify the same policy ns and audit the name of the policy ns that policy is being loaded for.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: allow introspecting the loaded policy pre internal transform | John Johansen | 2017-01-16 | 1 | -1/+26
  Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: allow setting any profile into the unconfined state | John Johansen | 2013-08-14 | 1 | -0/+7
  Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: provide base for multiple profiles to be replaced at once | John Johansen | 2013-08-14 | 1 | -1/+13
  Previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy.
  Allow multiple profiles to be replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: policy routines for loading and unpacking policy | John Johansen | 2010-08-02 | 1 | -0/+20
  AppArmor policy is loaded in a platform independent flattened binary stream. Verify and unpack the data converting it to the internal format needed for enforcement.
  Signed-off-by: John Johansen <john.johansen@canonical.com>
  Signed-off-by: James Morris <jmorris@namei.org>