John Johansen 25e75dff51 AppArmor: Fix masking of capabilities in complain mode ... AppArmor is masking the capabilities returned by capget against the capabilities mask in the profile. This is wrong, in complain mode the profile has effectively all capabilities, as the profile restrictions are not being enforced, merely tested against to determine if an access is known by the profile. This can result in the wrong behavior of security conscience applications like sshd which examine their capability set, and change their behavior accordingly. In this case because of the masked capability set being returned sshd fails due to DAC checks, even when the profile is in complain mode. Kernels affected: 2.6.36 - 3.0. Signed-off-by: John Johansen <john.johansen@canonical.com>		2011-06-29 02:04:44 +01:00
..
apparmor	AppArmor: Fix masking of capabilities in complain mode	2011-06-29 02:04:44 +01:00
integrity/ima	ima: remove unnecessary call to ima_must_measure	2011-02-23 16:38:52 -05:00
keys	KEYS: Fix error handling in construct_key_and_link()	2011-06-21 18:31:45 -07:00
selinux	Merge branch 'for-linus' of git://git.infradead.org/users/eparis/selinux into for-linus	2011-06-15 09:41:48 +10:00
smack	Merge commit 'v2.6.39' into 20110526	2011-05-26 17:20:14 -04:00
tomoyo	TOMOYO: Fix oops in tomoyo_mount_acl().	2011-06-14 15:18:42 +10:00
capability.c	SECURITY: Move exec_permission RCU checks into security modules	2011-04-25 10:20:32 -04:00
commoncap.c	capabilities: do not special case exec of init	2011-04-04 10:31:06 +10:00
device_cgroup.c	devcgroup_inode_permission: take "is it a device node" checks to inlined wrapper	2011-06-20 10:46:04 -04:00
inode.c
Kconfig	security: select correct default LSM_MMAP_MIN_ADDR on ARM.	2011-03-22 09:35:12 +11:00
lsm_audit.c	LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH	2011-04-25 18:14:07 -04:00
Makefile
min_addr.c
security.c	SECURITY: Move exec_permission RCU checks into security modules	2011-04-25 10:20:32 -04:00