summaryrefslogtreecommitdiff
path: root/Documentation/apparmor.txt
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-07-29 14:48:06 -0700
committerJames Morris <jmorris@namei.org>2010-08-02 15:35:14 +1000
commit898127c34ec03291c86f4ff3856d79e9e18952bc (patch)
treec8845bd204b1c4b120f1be1cceea4ff96f749e53 /Documentation/apparmor.txt
parent6380bd8ddf613b29f478396308b591867d401de4 (diff)
downloadlinux-898127c34ec03291c86f4ff3856d79e9e18952bc.tar.gz
linux-898127c34ec03291c86f4ff3856d79e9e18952bc.tar.xz
AppArmor: functions for domain transitions
AppArmor routines for controling domain transitions, which can occur at exec or through self directed change_profile/change_hat calls. Unconfined tasks are checked at exec against the profiles in the confining profile namespace to determine if a profile should be attached to the task. Confined tasks execs are controlled by the profile which provides rules determining which execs are allowed and if so which profiles should be transitioned to. Self directed domain transitions allow a task to request transition to a given profile. If the transition is allowed then the profile will be applied, either immeditately or at exec time depending on the request. Immeditate self directed transitions have several security limitations but have uses in setting up stub transition profiles and other limited cases. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation/apparmor.txt')
0 files changed, 0 insertions, 0 deletions