iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/security
History
Mickaël Salaün eba39ca4b1
landlock: Change landlock_restrict_self(2) check ordering 
According to the Landlock goal to be a security feature available to
unprivileges processes, it makes more sense to first check for
no_new_privs before checking anything else (i.e. syscall arguments).

Merge inval_fd_enforce and unpriv_enforce_without_no_new_privs tests
into the new restrict_self_checks_ordering.  This is similar to the
previous commit checking other syscalls.

Link: https://lore.kernel.org/r/20220506160820.524344-10-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2022-05-23 13:27:51 +02:00
..
apparmor
tracehook: Remove tracehook.h
2022-03-10 16:51:51 -06:00
bpf
bpf: Implement task local storage
2020-11-06 08:08:37 -08:00
integrity
Networking changes for 5.18.
2022-03-24 13:13:26 -07:00
keys
ARM driver updates for 5.18
2022-03-23 18:23:13 -07:00
landlock
landlock: Change landlock_restrict_self(2) check ordering
2022-05-23 13:27:51 +02:00
loadpin
LSM: Add "contents" flag to kernel_read_file hook
2020-10-05 13:37:03 +02:00
lockdown
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2020-06-02 17:36:24 -07:00
safesetid
LSM: SafeSetID: Mark safesetid_initialized as __initdata
2021-06-10 09:52:32 -07:00
selinux
ptrace: Cleanups for v5.18
2022-03-28 17:29:53 -07:00
smack
Fix incorrect type in assignment of ipv6 port for audit
2022-02-28 15:45:32 -08:00
tomoyo
drm for 5.18-rc1
2022-03-24 16:19:43 -07:00
yama
task_work: cleanup notification modes
2020-10-17 15:05:30 -06:00
commoncap.c
fs: support mapped mounts of mapped filesystems
2021-12-05 10:28:57 +01:00
device_cgroup.c
bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean
2022-01-19 12:51:30 -08:00
inode.c
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
Kconfig
hardening updates for v5.18-rc1-fix1
2022-03-31 11:43:01 -07:00
Kconfig.hardening
gcc-plugins/stackleak: Provide verbose mode
2022-02-06 10:49:57 -08:00
lsm_audit.c
lsm_audit: avoid overloading the "key" audit field
2021-09-19 22:47:04 -04:00
Makefile
security: remove unneeded subdir-$(CONFIG_...)
2021-09-03 08:17:20 +09:00
min_addr.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
security.c
selinux/stable-5.18 PR 20220321
2022-03-21 20:47:54 -07:00