WSL2-Linux-Kernel/security
Chenbo Feng f66e448cfd selinux: bpf: Add addtional check for bpf object file receive
Introduce a bpf object related check when sending and receiving files
through unix domain socket as well as binder. It checks if the receiving
process have privilege to read/write the bpf map or use the bpf program.
This check is necessary because the bpf maps and programs are using a
anonymous inode as their shared inode so the normal way of checking the
files and sockets when passing between processes cannot work properly on
eBPF object. This check only works when the BPF_SYSCALL is configured.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-20 13:32:59 +01:00
..
apparmor + Features 2017-09-23 05:33:29 -10:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
keys security/keys: rewrite all of big_key crypto 2017-09-25 23:31:58 +01:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux selinux: bpf: Add addtional check for bpf object file receive 2017-10-20 13:32:59 +01:00
smack lsm: fix smack_inode_removexattr and xattr_getsecurity memleak 2017-10-04 18:03:15 +11:00
tomoyo exec: Rename bprm->cred_prepared to called_set_creds 2017-08-01 12:02:48 -07:00
yama doc: ReSTify Yama.txt 2017-05-18 10:33:04 -06:00
Kconfig include/linux/string.h: add the option of fortified string.h functions 2017-07-12 16:26:03 -07:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
commoncap.c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-09-24 11:40:41 -07:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
lsm_audit.c lsm_audit: update my email address 2017-08-17 15:33:39 -04:00
min_addr.c
security.c security: bpf: Add LSM hooks for bpf object related syscall 2017-10-20 13:32:59 +01:00