kernel_optimize_test/security/smack
Casey Schaufler 1880eff77e Smack: onlycap limits on CAP_MAC_ADMIN
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.

This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2012-07-13 15:49:23 -07:00
..
Kconfig
Makefile
smack_access.c Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smack_lsm.c Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smack.h Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smackfs.c Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00