Viewing all changes in revision 2615.
- Committer: Tyler Hicks
- Date: 2014-08-26 09:03:38 UTC
- Revision ID: tyhicks@canonical.com-20140826090338-hrhpxfiigx8tkf39
map the net permission set into a form compatible with the old dfa table
The old dfa table format has 2 64 bit permission field used to store
all of allow, quiet, audit, owner/!owner and transition mask. This leaves
7 bits for entry + a few other special bits.
Since policydb entries when using old style dfa permission format
don't use support the !owner permission entries we can map, the
high net work permission bits to these entries.
This allows us to enforce base network permissions on system with
only support for the old dfa table format.
Signed-off-by: John Johansen <john.johansen@canonical.com>
The old dfa table format has 2 64 bit permission field used to store
all of allow, quiet, audit, owner/!owner and transition mask. This leaves
7 bits for entry + a few other special bits.
Since policydb entries when using old style dfa permission format
don't use support the !owner permission entries we can map, the
high net work permission bits to these entries.
This allows us to enforce base network permissions on system with
only support for the old dfa table format.
Signed-off-by: John Johansen <john.johansen@canonical.com>
- files modified:
- parser/af_unix.cc
expand all
collapse all
added
removed
