LSM: SafeSetID: fix userns handling in securityfs - openslx/kernel-qcow2-linux.git

diff options

author	Jann Horn	2019-04-10 18:55:58 +0200
committer	Micah Morton	2019-07-15 17:07:19 +0200
commit	71a98971b932174e121bc19056475c601598132f (patch)
tree	fb3a1ee4a8b7cdec81b2f0671524a25af4b5b016 /tools/testing
parent	LSM: SafeSetID: refactor policy parsing (diff)
download	kernel-qcow2-linux-71a98971b932174e121bc19056475c601598132f.tar.gz kernel-qcow2-linux-71a98971b932174e121bc19056475c601598132f.tar.xz kernel-qcow2-linux-71a98971b932174e121bc19056475c601598132f.zip

LSM: SafeSetID: fix userns handling in securityfs

Looking at current_cred() in write handlers is bad form, stop doing that. Also, let's just require that the write is coming from the initial user namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org>

Diffstat (limited to 'tools/testing')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: