iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Tyler Hicks 6af4737361 net: Use ns_capable_noaudit() when determining net sysctl permissions 
commit d6e0d306449bcb5fa3c80e7a3edf11d45abf9ae9 upstream.

The capability check should not be audited since it is only being used
to determine the inode permissions. A failed check does not indicate a
violation of security policy but, when an LSM is enabled, a denial audit
message was being generated.

The denial audit message caused confusion for some application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.

BugLink: https://launchpad.net/bugs/1465724

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:50 +02:00
..
6lowpan
6lowpan: put mcast compression in an own function
2015-10-21 00:49:25 +02:00
9p
IB/cma: Add support for network namespaces
2015-10-28 12:32:48 -04:00
802
8021q
vlan: Do not put vlan headers back on bridge and macvlan ports
2015-11-17 14:38:35 -05:00
appletalk
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
atm
atm: deal with setting entry before mkip was called
2015-09-17 22:13:32 -07:00
ax25
AX.25: Close socket connection on session completion
2016-07-11 09:31:12 -07:00
batman-adv
batman-adv: Reduce refcnt of removed router when updating route
2016-05-11 11:21:18 +02:00
bluetooth
Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
2016-08-20 18:09:19 +02:00
bridge
Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-07-11 09:31:11 -07:00
caif
net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
2015-12-01 15:45:05 -05:00
can
can: avoid using timeval for uapi
2015-10-13 17:42:34 +02:00
ceph
libceph: apply new_state before new_up_client on incrementals
2016-08-10 11:49:29 +02:00
core
net_sched: fix mirrored packets checksum
2016-07-27 09:47:31 -07:00
dcb
net/dcb: make dcbnl.c explicitly non-modular
2015-10-09 07:52:27 -07:00
dccp
tcp/dccp: remove obsolete WARN_ON() in icmp handlers
2016-04-20 15:42:04 +09:00
decnet
decnet: Do not build routes to devices without decnet private data.
2016-05-18 17:06:35 -07:00
dns_resolver
net: dns_resolver: convert time_t to time64_t
2015-11-18 16:27:46 -05:00
dsa
net: dsa: use switchdev obj for VLAN add/del ops
2015-11-01 15:56:11 -05:00
ethernet
net: help compiler generate better code in eth_get_headlen
2015-09-28 22:51:15 -07:00
hsr
net/hsr: fix a warning message
2015-11-23 14:56:15 -05:00
ieee802154
net: fix percpu memory leaks
2015-11-02 22:47:14 -05:00
ipv4
udp: properly support MSG_PEEK with truncated buffers
2016-09-15 08:27:49 +02:00
ipv6
udp: properly support MSG_PEEK with truncated buffers
2016-09-15 08:27:49 +02:00
ipx
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
irda
net/irda: fix NULL pointer dereference on memory allocation failure
2016-08-16 09:30:48 +02:00
iucv
af_iucv: Validate socket address length in iucv_sock_bind()
2016-03-03 15:07:03 -08:00
key
af_key: fix two typos
2015-10-23 03:05:19 -07:00
l2tp
l2tp: fix configuration passed to setup_udp_tunnel_sock()
2016-06-24 10:18:17 -07:00
l3mdev
net: Add netif_is_l3_slave
2015-10-07 04:27:43 -07:00
lapb
llc
net: fix infoleak in llc
2016-05-18 17:06:40 -07:00
mac80211
mac80211: fix purging multicast PS buffer queue
2016-09-07 08:32:41 +02:00
mac802154
mac802154: llsec: use kzfree
2015-10-21 00:49:24 +02:00
mpls
mpls: find_outdev: check for err ptr in addition to NULL check
2016-04-20 15:42:07 +09:00
netfilter
netfilter: x_tables: check for size overflow
2016-09-15 08:27:50 +02:00
netlabel
netlabel: add address family checks to netlbl_{sock,req}_delattr()
2016-08-20 18:09:22 +02:00
netlink
netlink: Fix dump skb leak/double free
2016-06-24 10:18:16 -07:00
netrom
netfilter: Remove spurios included of netfilter.h
2015-06-18 21:14:32 +02:00
nfc
net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
2015-12-01 15:45:05 -05:00
openvswitch
vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices
2016-06-24 10:18:18 -07:00
packet
packet: Use symmetric hash for PACKET_FANOUT_HASH.
2016-07-27 09:47:31 -07:00
phonet
phonet: properly unshare skbs in phonet_rcv()
2016-01-31 11:29:00 -08:00
rds
RDS: fix rds_tcp_init() error path
2016-08-10 11:49:29 +02:00
rfkill
rfkill: fix rfkill_fop_read wait_event usage
2016-03-03 15:07:26 -08:00
rose
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-06-24 02:58:51 -07:00
rxrpc
net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
2015-12-01 15:45:05 -05:00
sched
net_sched: fix mirrored packets checksum
2016-07-27 09:47:31 -07:00
sctp
sctp: lack the check for ports in sctp_v6_cmp_addr
2016-04-20 15:41:58 +09:00
sunrpc
SUNRPC: allow for upcalls for same uid but different gss service
2016-09-07 08:32:36 +02:00
switchdev
switchdev: pass pointer to fib_info instead of copy
2016-06-24 10:18:16 -07:00
tipc
tipc: fix nl compat regression for link statistics
2016-09-15 08:27:49 +02:00
unix
af_unix: fix hard linked sockets on overlay
2016-07-27 09:47:33 -07:00
vmw_vsock
VSOCK: do not disconnect socket when peer has shutdown SEND only
2016-05-18 17:06:41 -07:00
wimax
net:wimax: Fix doucble word "the the" in networking.xml
2015-08-09 22:43:52 -07:00
wireless
wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel
2016-06-24 10:18:20 -07:00
x25
net: fix a kernel infoleak in x25 module
2016-05-18 17:06:43 -07:00
xfrm
xfrm: Fix crash observed during device unregistration and decryption
2016-04-20 15:42:05 +09:00
compat.c
net: switch importing msghdr from userland to {compat_,}import_iovec()
2015-04-09 00:02:26 -04:00
Kconfig
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
Makefile
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
socket.c
net: Fix use after free in the recvmmsg exit path
2016-04-20 15:42:03 +09:00
sysctl_net.c
net: Use ns_capable_noaudit() when determining net sysctl permissions
2016-09-15 08:27:50 +02:00