| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | LSM: fix return value check in safesetid_init_securityfs() | Wei Yongjun | 2019-02-12 | 1 | -1/+1 |
| | | | | | | | | | | | | In case of error, the function securityfs_create_dir() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: aeca4e2ca65c ("LSM: add SafeSetID module that gates setid calls") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> | ||||
| * | LSM: add SafeSetID module that gates setid calls | Micah Morton | 2019-01-25 | 1 | -0/+193 |
| SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> | |||||
 |
index : talos-op-linux | |
| Talos™ II Linux sources for OpenPOWER | Raptor Computing Systems |
| summaryrefslogtreecommitdiffstats |
|