microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/security
История
Christian Göttsche ee49b97cb5 security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-19 12:22:28 +02:00
..
apparmor apparmor: fix missing error check for rhashtable_insert_fast 2023-07-23 13:47:30 +02:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity: Fix possible multiple allocation in integrity_inode_get() 2023-07-23 13:47:33 +02:00
keys security: keys: perform capable check only on privileged operations 2023-09-19 12:22:28 +02:00
landlock landlock: Fix same-layer rule unions 2022-06-09 10:23:24 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: set next pointer before attaching to list 2023-08-30 16:18:17 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-08 14:23:55 +02:00
tomoyo tomoyo: fix broken dependency on *.conf.default 2023-02-01 08:27:05 +01:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-07-23 12:54:10 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c ima: Align ima_file_mmap() parameters with mmap_file LSM hook 2023-03-10 09:40:03 +01:00