WSL2-Linux-Kernel/security/selinux/include
Richard Haines 55d192691b selinux: allow FIOCLEX and FIONCLEX with policy capability
[ Upstream commit 65881e1db4 ]

These ioctls are equivalent to fcntl(fd, F_SETFD, flags), which SELinux
always allows too.  Furthermore, a failed FIOCLEX could result in a file
descriptor being leaked to a process that should not have access to it.

As this patch removes access controls, a policy capability needs to be
enabled in policy to always allow these ioctls.

Based-on-patch-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-08 14:23:55 +02:00
audit.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
avc.h selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit() 2021-06-11 13:11:45 -04:00
avc_ss.h selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
classmap.h mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
conditional.h selinux: move policy commit after updating selinuxfs 2020-08-17 20:50:22 -04:00
ibpkey.h selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND. 2020-01-10 11:56:37 -05:00
ima.h selinux: measure state and policy capabilities 2021-03-08 19:39:07 -05:00
initial_sid_to_string.h selinux: remove unused initial SIDs and improve handling 2020-02-27 19:34:24 -05:00
netif.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
netlabel.h selinux: netlabel: Remove unused inline function 2020-05-12 20:16:33 -04:00
netnode.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
netport.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
objsec.h LSM: Infrastructure management of the superblock 2021-04-22 12:22:10 -07:00
policycap.h selinux: allow FIOCLEX and FIONCLEX with policy capability 2022-04-08 14:23:55 +02:00
policycap_names.h selinux: allow FIOCLEX and FIONCLEX with policy capability 2022-04-08 14:23:55 +02:00
security.h selinux: allow FIOCLEX and FIONCLEX with policy capability 2022-04-08 14:23:55 +02:00
xfrm.h selinux: delete selinux_xfrm_policy_lookup() useless argument 2021-05-10 21:38:31 -04:00