1. 15 Apr, 2015 1 commit
  2. 22 Feb, 2013 1 commit
  3. 21 Sep, 2012 1 commit
  4. 09 Apr, 2012 2 commits
  5. 03 Apr, 2012 1 commit
  6. 27 Mar, 2012 1 commit
  7. 14 Mar, 2012 1 commit
  8. 27 Feb, 2012 1 commit
  9. 01 Aug, 2010 1 commit
    • John Johansen's avatar
      AppArmor: file enforcement routines · 6380bd8d
      John Johansen authored
      AppArmor does files enforcement via pathname matching.  Matching is done
      at file open using a dfa match engine.  Permission is against the final
      file object not parent directories, ie. the traversal of directories
      as part of the file match is implicitly allowed.  In the case of nonexistant
      files (creation) permissions are checked against the target file not the
      directory.  eg. In case of creating the file /dir/new, permissions are
      checked against the match /dir/new not against /dir/.
      
      The permissions for matches are currently stored in the dfa accept table,
      but this will change to allow for dfa reuse and also to allow for sharing
      of wider accept states.
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      6380bd8d