Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-15 08:31:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
4f189988a0
linux/security
History
Paul Moore 4f189988a0 selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES 
We presently prevent processes from using setexecon() to set the
security label of exec()'d processes when NO_NEW_PRIVS is enabled by
returning an error; however, we silently ignore setexeccon() when
exec()'ing from a nosuid mounted filesystem.  This patch makes things
a bit more consistent by returning an error in the setexeccon()/nosuid
case.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-15 11:16:06 -04:00
..
apparmor Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-11-21 19:46:00 -08:00
integrity Merge to v3.13-rc7 for prerequisite changes in the Xen code for TPM 2014-01-06 22:23:01 +11:00
keys KEYS: Make the keyring cycle detector ignore other keyrings of the same name 2014-03-09 18:57:18 -07:00
selinux selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES 2014-05-15 11:16:06 -04:00
smack Merge git://git.infradead.org/users/eparis/audit 2014-01-23 18:08:10 -08:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00
commoncap.c capabilities: allow nice if we are privileged 2013-08-30 23:44:09 -07:00
device_cgroup.c cgroup: replace cftype->read_seq_string() with cftype->seq_show() 2013-12-05 12:28:04 -05:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c Merge git://git.infradead.org/users/eparis/audit 2013-11-21 19:18:14 -08:00
Makefile security: remove erroneous comment about capabilities.o link ordering 2013-09-24 11:26:28 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00