John Johansen c29bceb396 Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS ... Add support for AppArmor to explicitly fail requested domain transitions if NO_NEW_PRIVS is set and the task is not unconfined. Transitions from unconfined are still allowed because this always results in a reduction of privileges. Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Will Drewry <wad@chromium.org> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Andy Lutomirski <luto@amacapital.net> v18: new acked-by, new description Signed-off-by: James Morris <james.l.morris@oracle.com>		2012-04-14 11:13:18 +10:00
..
apparmor	Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS	2012-04-14 11:13:18 +10:00
integrity	security: fix ima kconfig warning	2012-02-28 11:01:15 +11:00
keys	usermodehelper: kill umh_wait, renumber UMH_* constants	2012-03-23 16:58:41 -07:00
selinux	Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs	2012-04-14 11:13:18 +10:00
smack	lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'	2012-04-03 09:49:59 -07:00
tomoyo	usermodehelper: use UMH_WAIT_PROC consistently	2012-03-23 16:58:41 -07:00
yama	Yama: add PR_SET_PTRACER_ANY	2012-02-16 10:25:18 +11:00
capability.c	security: create task_free security callback	2012-02-10 09:14:51 +11:00
commoncap.c	Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs	2012-04-14 11:13:18 +10:00
device_cgroup.c	cgroup: remove cgroup_subsys argument from callbacks	2012-02-02 09:20:22 -08:00
inode.c	securityfs: fix object creation races	2012-01-10 10:20:35 -05:00
Kconfig	security: Yama LSM	2012-02-10 09:18:52 +11:00
lsm_audit.c	lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data'	2012-04-03 09:49:59 -07:00
Makefile	security: Yama LSM	2012-02-10 09:18:52 +11:00
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	2010-04-23 08:56:31 +10:00
security.c	security: trim security.h	2012-02-14 10:45:42 +11:00