mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

Update apparmor_kernel_development_guide

John Johansen
2018-09-29 06:04:33 +00:00
parent dfb2387282
commit 6b2f0b25ed
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apparmor_kernel_development_guide.md

@@ -60,6 +60,11 @@ Mediation
- task.c, include/task.h: task related mediation and storing off of state for nonewprivs, change_hat, change_onexec - task.c, include/task.h: task related mediation and storing off of state for nonewprivs, change_hat, change_onexec
- resource.c, include/resource.h: mediation of rlimits, and also setting rlimits to profile defined values - resource.c, include/resource.h: mediation of rlimits, and also setting rlimits to profile defined values
# LSM
Infrastructure that provides a set of hooks and blobs off of kernel object. Hooks are spread through out the kernel, called using
- security_XXX.
????
# task labeling # task labeling
The task's label is stored off of the task's cred security blob, not the task security blob. In older versions of apparmor the data stored in the task security blob was also stored in the cred security blob in addition to the label, and there was no task security blob. The task's label is stored off of the task's cred security blob, not the task security blob. In older versions of apparmor the data stored in the task security blob was also stored in the cred security blob in addition to the label, and there was no task security blob.