Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.14.329 2017-06-11T00:11:40Z 2017-06-11T00:11:40Z John Johansen john.johansen@canonical.com 2017-06-09T21:07:02Z urn:sha1:c70c86c421427fd8487867de66c4104b15abd772 Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-06-08T19:51:52Z John Johansen john.johansen@canonical.com 2017-05-25T13:23:42Z urn:sha1:c97204baf840bf850e14ef4f5f43251239ca43b6 prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org> 2017-01-16T09:18:50Z John Johansen john.johansen@canonical.com 2017-01-16T08:43:08Z urn:sha1:12eb87d50bfe234c3f964e9fb47bbd0135010c13 apparmor should be checking the SECURITY_CAP_NOAUDIT constant. Also in complain mode make it so apparmor can elect to log a message, informing of the check. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-01-16T09:18:47Z John Johansen john.johansen@canonical.com 2017-01-16T08:43:02Z urn:sha1:ef88a7ac55fdd3bf6ac3942b83aa29311b45339b The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-10-30T04:33:37Z John Johansen john.johansen@canonical.com 2013-10-08T12:37:18Z urn:sha1:dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-08-14T18:42:07Z John Johansen john.johansen@canonical.com 2013-08-14T18:27:32Z urn:sha1:84f1f787421cd83bb7dfb34d584586f6a5fe7baa Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2012-04-09T16:23:04Z Eric Paris eparis@redhat.com 2012-04-04T19:01:43Z urn:sha1:50c205f5e5c2e2af002fd4ef537ded79b90b1b56 It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris <eparis@redhat.com> 2012-04-09T16:23:02Z Eric Paris eparis@redhat.com 2012-04-04T19:01:42Z urn:sha1:0972c74ecba4878baa5f97bb78b242c0eefacfb6 apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com> 2012-04-09T16:23:01Z Eric Paris eparis@redhat.com 2012-04-04T19:01:42Z urn:sha1:bd5e50f9c1c71daac273fa586424f07205f6b13b Just open code it so grep on the source code works better. Signed-off-by: Eric Paris <eparis@redhat.com> 2012-04-03T16:48:40Z Eric Paris eparis@redhat.com 2012-04-03T16:37:02Z urn:sha1:3b3b0e4fc15efa507b902d90cea39e496a523c3b Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>