summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-07-29 14:48:04 -0700
committerJames Morris <jmorris@namei.org>2010-08-02 15:35:14 +1000
commit6380bd8ddf613b29f478396308b591867d401de4 (patch)
tree6d8fc9356a652f8452ccf49e7f79cc700cc2768d /lib
parent63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0 (diff)
AppArmor: file enforcement routines
AppArmor does files enforcement via pathname matching. Matching is done at file open using a dfa match engine. Permission is against the final file object not parent directories, ie. the traversal of directories as part of the file match is implicitly allowed. In the case of nonexistant files (creation) permissions are checked against the target file not the directory. eg. In case of creating the file /dir/new, permissions are checked against the match /dir/new not against /dir/. The permissions for matches are currently stored in the dfa accept table, but this will change to allow for dfa reuse and also to allow for sharing of wider accept states. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions