WSL2-Linux-Kernel/security
John Johansen c29bceb396 Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS
Add support for AppArmor to explicitly fail requested domain transitions
if NO_NEW_PRIVS is set and the task is not unconfined.

Transitions from unconfined are still allowed because this always results
in a reduction of privileges.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>

v18: new acked-by, new description
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-04-14 11:13:18 +10:00
..
apparmor Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS 2012-04-14 11:13:18 +10:00
integrity security: fix ima kconfig warning 2012-02-28 11:01:15 +11:00
keys usermodehelper: kill umh_wait, renumber UMH_* constants 2012-03-23 16:58:41 -07:00
selinux Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-14 11:13:18 +10:00
smack lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03 09:49:59 -07:00
tomoyo usermodehelper: use UMH_WAIT_PROC consistently 2012-03-23 16:58:41 -07:00
yama Yama: add PR_SET_PTRACER_ANY 2012-02-16 10:25:18 +11:00
Kconfig security: Yama LSM 2012-02-10 09:18:52 +11:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
capability.c security: create task_free security callback 2012-02-10 09:14:51 +11:00
commoncap.c Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-14 11:13:18 +10:00
device_cgroup.c cgroup: remove cgroup_subsys argument from callbacks 2012-02-02 09:20:22 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
lsm_audit.c lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03 09:49:59 -07:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security: trim security.h 2012-02-14 10:45:42 +11:00