LSM: add SafeSetID module that gates setid calls - openslx/kernel-qcow2-linux.git

diff options

author	Micah Morton	2019-01-22 23:42:09 +0100
committer	James Morris	2019-01-25 20:22:43 +0100
commit	40852275a94afb3e836be9248399e036982d1a79 (patch)
tree	97db7b5d7dfae0ecd678b57bc861e60e949afe44 /security/Makefile
parent	tomoyo: Allow multiple use_group lines. (diff)
download	kernel-qcow2-linux-40852275a94afb3e836be9248399e036982d1a79.tar.gz kernel-qcow2-linux-40852275a94afb3e836be9248399e036982d1a79.tar.xz kernel-qcow2-linux-40852275a94afb3e836be9248399e036982d1a79.zip

LSM: add SafeSetID module that gates setid calls

This change ensures that the set*uid family of syscalls in kernel/sys.c (setreuid, setuid, setresuid, setfsuid) all call ns_capable_common with the CAP_OPT_INSETID flag, so capability checks in the security_capable hook can know whether they are being called from within a set*uid syscall. This change is a no-op by itself, but is needed for the proposed SafeSetID LSM. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>

Diffstat (limited to 'security/Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: