Linux kernel source tree https://git.amat.us/linux/atom/security/apparmor/include/file.h?h=v3.0.30 2011-01-10T16:51:44Z 2011-01-10T16:51:44Z Alexey Dobriyan adobriyan@gmail.com 2011-01-10T06:17:10Z urn:sha1:37721e1b0cf98cb65895f234d8c500d270546529 Remove path.h from sched.h and other files. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2010-08-02T05:35:14Z John Johansen john.johansen@canonical.com 2010-07-29T21:48:04Z urn:sha1:6380bd8ddf613b29f478396308b591867d401de4 AppArmor does files enforcement via pathname matching. Matching is done at file open using a dfa match engine. Permission is against the final file object not parent directories, ie. the traversal of directories as part of the file match is implicitly allowed. In the case of nonexistant files (creation) permissions are checked against the target file not the directory. eg. In case of creating the file /dir/new, permissions are checked against the match /dir/new not against /dir/. The permissions for matches are currently stored in the dfa accept table, but this will change to allow for dfa reuse and also to allow for sharing of wider accept states. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>