Re: [apparmor] [PATCH 01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY

t; necessary capable calls. > > Handle the flag accordingly in AppArmor and SELinux. > > CC: linux-bl...@vger.kernel.org > Suggested-by: Paul Moore > Signed-off-by: Christian Göttsche Thanks. Reviewed-by: Serge Hallyn > --- > v5: >rename flag to CAP_OPT_NOAUDIT_O

Re: [apparmor] [PATCH bpf-next v4 01/20] lsm: Refactor return value of LSM hook vm_enough_memory

Jul 11, 2024 06:14:08 Xu Kuohai : > From: Xu Kuohai > > To be consistent with most LSM hooks, convert the return value of > hook vm_enough_memory to 0 or a negative error code. > > Before: > - Hook vm_enough_memory returns 1 if permission is granted, 0 if not. > - LSM_RET_DEFAULT(vm_enough_memory

Re: [apparmor] [PATCH bpf-next v4 02/20] lsm: Refactor return value of LSM hook inode_need_killpriv

Jul 11, 2024 06:14:09 Xu Kuohai : > From: Xu Kuohai > > To be consistent with most LSM hooks, convert the return value of > hook inode_need_killpriv to 0 or a negative error code. > > Before: > - Both hook inode_need_killpriv and func security_inode_need_killpriv >   return > 0 if security_inode_

[apparmor] [Merge] lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles

Serge Hallyn has proposed merging lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles. Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~serge-hallyn/apparmor-profiles/apparmor-profiles/+merge/291919 Add a

Re: [apparmor] [Merge] lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles

Yeah my main goal was to keep it from reading most of my own files. It runs as me so not very worried about system files. I did the MR to make myself follow up. I'll find time to tighten it down later. -- https://code.launchpad.net/~serge-hallyn/apparmor-profiles/apparmor-profiles/+