71a98971b9
Looking at current_cred() in write handlers is bad form, stop doing that. Also, let's just require that the write is coming from the initial user namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org> |
||
---|---|---|
.. | ||
apparmor | ||
integrity | ||
keys | ||
loadpin | ||
safesetid | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
Kconfig | ||
Kconfig.hardening | ||
lsm_audit.c | ||
Makefile | ||
min_addr.c | ||
security.c |