- rework how null transitions are done.
M fix-profile-namespaces.diff
- fix namespaces to use the :namespace: syntax
A cap-set.diff
- allow a profile to set a tasks capabilities similar to fscap
A rlimits.diff
- allow control of a tasks rlimits
- fix split init so that apparmor can be enabled at the boot command line.
The init was broken so that apparmor couldn't be enabled unless enabled
by default.
M apparmor-fix-lock-letter.diff
- fix the lock letter being reported (z -> k) and update some comments
A apparmor-create-append.diff
- fix semanitc bug where full write perms were needed to create a new file,
where only append is needed.
M fix-link-subset.diff
- partial fix of link subset
A no-safex-link-subset.diff
- more link subset fixes
A audit-log-type-in-syslog.diff
- fix audit type being missing when messages go to syslog. This patch
is needed for apparmor to work when messages go to syslog instead of
auditd. This patch can be dropped when upstream includes the
patch to report audit number when reporting to syslog
A audit-uid.diff
- report the fsuid to the log
A hat_perm.diff
- setup to use hat permissions instead of just profile search for
2.3
A apparmor-failed-name-error.diff
- fix a bug where on failed name resolution no error or information is
output. It now reports info in the status field and includes an
error_code
A extend-x-mods.diff
- extend the x-mods in preparation of audit ctl
A apparmor-secondary-accept.diff
- extend the dfa to have a second accept table used for audit ctl
A apparmor-audit-flags2.diff
- extend apparmor to support audit ctl of individual permissions.
- finish fixing link-subset
A fix-change_profile-namespace.diff
- Not applied, ignore
- pass vfsmnt param for cgroups
A fix-user-audit.diff
- nothing
A fix-link-subset.diff
- fix reporting of failed link subsets
A apparmor-fix-lock-letter.diff
- fix the reported lock letter in apparmorfs/matching
- reverted audit request_mask back to requested_mask
A apparmor-fix-sysctl-refcount.diff
- fix a refcount leak in sysctl audit
- fix use of cxt->previous_profile, was changing it instead of searching
based off its name, which would could result in use of a stale
profile
- remove locking of cxt->previous_profile since it is not longer needed
- refresh change_profile series of patches
should_remove_suid into a seperate patch. The should_remove_suid
patch isn't needed so it should probably be removed.
Add first attempt at using lockdep typing to get rid of false
irq inversion messages.
