diff options
| author | Eric Paris <[email protected]> | 2012-01-03 17:25:15 +0000 |
|---|---|---|
| committer | Eric Paris <[email protected]> | 2012-01-05 23:52:54 +0000 |
| commit | c7eba4a97563fd8b431787f7ad623444f2da80c6 (patch) | |
| tree | 12041949c45c2f394d6a96041c39e07ad6df720b /security/selinux/hooks.c | |
| parent | capabilities: reverse arguments to security_capable (diff) | |
| download | kernel-c7eba4a97563fd8b431787f7ad623444f2da80c6.tar.gz kernel-c7eba4a97563fd8b431787f7ad623444f2da80c6.zip | |
capabilities: introduce security_capable_noaudit
Exactly like security_capable except don't audit any denials. This is for
places where the kernel may make decisions about what to do if a task has a
given capability, but which failing that capability is not a sign of a
security policy violation. An example is checking if a task has
CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer.
This check is not a security violation if it is denied.
Signed-off-by: Eric Paris <[email protected]>
Acked-by: Serge E. Hallyn <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions