Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Summary When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as ORANDcondition, compiledpolicies, NOTcondition. If the condition could never be true at...

USN-7035-1 apparmor vulnerability

It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted...

[SECURITY] Fedora 25 Update: libsepol-2.5-10.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

[SECURITY] Fedora 25 Update: checkpolicy-2.5-8.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...