Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-10 22:21:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
e68bfbd3b3
linux/security
History
Wang Weiyang e68bfbd3b3 device_cgroup: Roll back to original exceptions after copy failure 
When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.

Backup A's whitelist and recover original exceptions after copy
failure.

Cc: stable@vger.kernel.org
Fixes: 4cef7299b4 ("device_cgroup: add proper checking when changing default behavior")
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-11-16 18:28:55 -05:00
..
apparmor lsm: make security_socket_getpeersec_stream() sockptr_t safe 2022-11-04 23:25:30 -04:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity fs.acl.rework.prep.v6.1 2022-10-03 19:48:54 -07:00
keys tpmdd updates for Linux v6.1-rc1 2022-10-10 13:09:33 -07:00
landlock landlock: Fix documentation style 2022-09-29 18:43:04 +02:00
loadpin LoadPin: Require file with verity root digests to have a header 2022-09-07 16:37:27 -07:00
lockdown lockdown: ratelimit denial messages 2022-09-14 07:37:50 -04:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux lsm: make security_socket_getpeersec_stream() sockptr_t safe 2022-11-04 23:25:30 -04:00
smack lsm: make security_socket_getpeersec_stream() sockptr_t safe 2022-11-04 23:25:30 -04:00
tomoyo tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2022-11-16 18:28:55 -05:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-06-29 17:43:41 +02:00
Kconfig.hardening - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
lsm_audit.c audit: Fix some kernel-doc warnings 2022-10-28 06:37:55 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c LSM: Better reporting of actual LSMs at boot 2022-11-16 17:50:09 -05:00