git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Tue, 5 Jun 2012 22:28:30 +0000 (15:28 -0700)
committer	Casey Schaufler <casey@schaufler-ca.com>
	Thu, 7 Jun 2012 02:28:46 +0000 (19:28 -0700)
commit	5fd6551bd986b4ece8bd3d1985da61a4a1de2067
tree	297b50b24c8afaac65edc69a7e3f9e02da22663e	tree \| snapshot
parent	94103be3cb659c1f5d53994faf05876272818e62	commit \| diff

Smack: onlycap limits on CAP_MAC_ADMIN

Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.

This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

security/smack/smack.h		diff \| blob \| history
security/smack/smack_access.c		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history