projects / linux-flexiantxendom0-3.2.10.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: b7e724d) | patch
capabilities: introduce security_capable_noaudit
authorEric Paris <eparis@redhat.com>
Tue, 3 Jan 2012 17:25:15 +0000 (12:25 -0500)
committerEric Paris <eparis@redhat.com>
Thu, 5 Jan 2012 23:52:54 +0000 (18:52 -0500)
commitc7eba4a97563fd8b431787f7ad623444f2da80c6
tree12041949c45c2f394d6a96041c39e07ad6df720btree | snapshot
parentb7e724d303b684655e4ca3dabd5a6840ad19012dcommit | diff
capabilities: introduce security_capable_noaudit

Exactly like security_capable except don't audit any denials.  This is for
places where the kernel may make decisions about what to do if a task has a
given capability, but which failing that capability is not a sign of a
security policy violation.  An example is checking if a task has
CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer.
This check is not a security violation if it is denied.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
include/linux/security.h diff | blob | history
security/security.c diff | blob | history
Port of xen3.3 xenlinux code to Ubuntu packaged SUSE kernel (3.2.10)