apparmor: add ns being viewed as a param to policy_view_capable()
authorJohn Johansen <john.johansen@canonical.com>
Mon, 16 Jan 2017 08:42:50 +0000 (00:42 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Mon, 16 Jan 2017 09:18:39 +0000 (01:18 -0800)
commit2bd8dbbf22fe9eb2a99273436f815d49ceb23a8f
tree17cdd607014ece52ccafbbc472750b3d25a9f566
parenta6f233003b1af70132619bca386dfae1862a45e8
apparmor: add ns being viewed as a param to policy_view_capable()

Prepare for a tighter pairing of user namespaces and apparmor policy
namespaces, by making the ns to be viewed available and checking
that the user namespace level is the same as the policy ns level.

This strict pairing will be relaxed once true support of user namespaces
lands.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/include/context.h
security/apparmor/include/policy.h
security/apparmor/lsm.c
security/apparmor/policy.c