github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-16 18:46:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1a8df7fa00
linux/security
History
Andrii Nakryiko d734ca7b33 bpf,lsm: add BPF token LSM hooks 
Wire up bpf_token_create and bpf_token_free LSM hooks, which allow to
allocate LSM security blob (we add `void *security` field to struct
bpf_token for that), but also control who can instantiate BPF token.
This follows existing pattern for BPF map and BPF prog.

Also add security_bpf_token_allow_cmd() and security_bpf_token_capable()
LSM hooks that allow LSM implementation to control and negate (if
necessary) BPF token's delegation of a specific bpf_cmd and capability,
respectively.

Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231130185229.2688956-12-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-12-06 10:03:00 -08:00
..
apparmor + Features 2023-11-03 09:48:17 -10:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity As usual, lots of singleton and doubleton patches all over the tree and 2023-11-02 20:53:31 -10:00
keys This update includes the following changes: 2023-11-02 16:15:30 -10:00
landlock landlock: Support network rules with TCP bind and connect 2023-10-26 21:07:15 +02:00
loadpin LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by 2023-08-25 16:07:30 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux bpf,lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks 2023-12-06 10:02:59 -08:00
smack Smack updates for v6.6. Two minor fixes. 2023-08-30 09:28:07 -07:00
tomoyo lsm: constify 'bprm' parameter in security_bprm_committed_creds() 2023-09-14 15:27:29 -04:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
commoncap.c lsm: constify 'file' parameter in security_bprm_creds_from_file() 2023-09-13 18:09:35 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
Makefile
min_addr.c
security.c bpf,lsm: add BPF token LSM hooks 2023-12-06 10:03:00 -08:00