Age | Commit message (Collapse) | Author |
|
Lennart:
> Hmm, I just noticed this patch:
>
> https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169
>
> It contains a different check for AppArmor. Basically something like this:
>
> /sys/module/apparmor/parameters/enabled == 'Y'
>
> I'd prefer if we could change our code to do the same, given that
> the Ubuntu guys are guys are upstream for apparmor.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
|
|
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
|
|
|
|
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
|
|
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=54448
|
|
|
|
|
|
/sys/class/tty/console/active is misleading
|
|
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
|