linux/security
Miklos Szeredi f2b00be488 cap: fix conversions on getxattr
If a capability is stored on disk in v2 format cap_inode_getsecurity() will
currently return in v2 format unconditionally.

This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid,
and so the same conversions performed on it.

If the rootid cannot be mapped, v3 is returned unconverted.  Fix this so
that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs
user namespace in case of v2) cannot be mapped into the current user
namespace.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2021-01-28 10:22:48 +01:00
..
apparmor apparmor: remove duplicate macro list_entry_is_head() 2020-12-15 22:46:19 -08:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity EFI updates collected by Ard Biesheuvel: 2020-12-24 12:40:07 -08:00
keys Networking updates for 5.11 2020-12-15 13:22:29 -08:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Fix warnings reported by test bot 2020-10-13 09:17:36 -07:00
selinux selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
smack Provide a fix for the incorrect handling of privilege 2020-12-24 14:08:43 -08:00
tomoyo tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c cap: fix conversions on getxattr 2021-01-28 10:22:48 +01:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig Replace HTTP links with HTTPS ones: security 2020-08-06 12:00:05 -07:00
Kconfig.hardening security: allow using Clang's zero initialization for stack variables 2020-06-16 02:06:23 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-16 15:11:35 -05:00
Makefile device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00