linux/kernel
Mickaël Salaün 3863935f06 seccomp: Set PF_SUPERPRIV when checking capability
commit fb14528e44 upstream.

Replace the use of security_capable(current_cred(), ...) with
ns_capable_noaudit() which sets PF_SUPERPRIV.

Since commit 98f368e9e2 ("kernel: Add noaudit variant of
ns_capable()"), a new ns_capable_noaudit() helper is available.  Let's
use it!

Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Tyler Hicks <tyhicks@linux.microsoft.com>
Cc: Will Drewry <wad@chromium.org>
Cc: stable@vger.kernel.org
Fixes: e2cfabdfd0 ("seccomp: add system call filtering using BPF")
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20201030123849.770769-3-mic@digikod.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-24 13:27:26 +01:00
bpf bpf: Fix a rcu warning for bpffs map pretty-print 2020-10-01 13:14:52 +02:00
cgroup cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() 2020-08-19 08:14:47 +02:00
configs
debug kgdb: Make "kgdbcon" work properly with "kgdb_earlycon" 2020-11-05 11:08:41 +01:00
dma swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" 2020-11-18 19:18:51 +01:00
events perf/core: Fix race in the perf_mmap_close() function 2020-11-18 19:18:52 +01:00
gcov gcov: add support for GCC 10.1 2020-09-17 13:45:31 +02:00
irq genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY 2020-11-18 19:18:41 +01:00
livepatch
locking locking/lockdep: Fix overflow in presentation of average lock-time 2020-09-03 11:24:21 +02:00
power PM: hibernate: remove the bogus call to get_gendisk() in software_resume() 2020-10-30 10:38:28 +01:00
printk printk: handle blank console arguments passed in. 2020-10-01 13:14:45 +02:00
rcu
sched sched/features: Fix !CONFIG_JUMP_LABEL case 2020-10-30 10:38:25 +01:00
time random32: make prandom_u32() output unpredictable 2020-11-18 19:18:52 +01:00
trace tracing: Fix out of bounds write in get_trace_buf 2020-11-10 12:35:58 +01:00
.gitignore
acct.c
async.c
audit_fsnotify.c
audit_tree.c
audit_watch.c audit: CONFIG_CHANGE don't log internal bookkeeping as an event 2020-10-01 13:14:33 +02:00
audit.c audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:05:13 +02:00
audit.h audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:05:13 +02:00
auditfilter.c audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:05:13 +02:00
auditsc.c
backtracetest.c
bounds.c
capability.c
compat.c make 'user_access_begin()' do 'access_ok()' 2020-06-22 09:04:58 +02:00
configs.c
context_tracking.c
cpu_pm.c kernel/cpu_pm: Fix uninitted local in cpu_pm 2020-06-22 09:05:28 +02:00
cpu.c sched/core: Fix illegal RCU from offline CPUs 2020-06-22 09:05:14 +02:00
crash_core.c
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c don't dump the threads that had been already exiting when zapped. 2020-11-18 19:18:50 +01:00
extable.c
fail_function.c fail_function: Remove a redundant mutex unlock 2020-11-24 13:27:23 +01:00
fork.c fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 2020-11-10 12:36:00 +01:00
freezer.c
futex.c futex: Don't enable IRQs unconditionally in put_pi_state() 2020-11-18 19:18:49 +01:00
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c kallsyms: Refactor kallsyms_show_value() to take cred 2020-07-16 08:17:26 +02:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kexec_core.c
kexec_file.c
kexec_internal.h
kexec.c
kmod.c
kprobes.c kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE 2020-10-01 13:14:54 +02:00
ksysfs.c
kthread.c kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled 2020-11-10 12:35:58 +01:00
latencytop.c
Makefile
memremap.c
module_signing.c
module-internal.h
module.c module: Correctly truncate sysfs sections output 2020-08-21 11:05:34 +02:00
notifier.c
nsproxy.c
padata.c padata: purge get_cpu and reorder_via_wq from padata_do_serial 2020-05-27 17:37:36 +02:00
panic.c
params.c
pid_namespace.c
pid.c
profile.c
ptrace.c ptrace: Set PF_SUPERPRIV when checking capability 2020-11-24 13:27:26 +01:00
range.c
reboot.c reboot: fix overflow parsing reboot cpu number 2020-11-18 19:18:52 +01:00
relay.c kernel/relay.c: fix memleak on destroy relay channel 2020-08-26 10:30:59 +02:00
resource.c
rseq.c
seccomp.c seccomp: Set PF_SUPERPRIV when checking capability 2020-11-24 13:27:26 +01:00
signal.c ptrace: fix task_join_group_stop() for the case when current is traced 2020-11-10 12:35:53 +01:00
smp.c
smpboot.c
smpboot.h
softirq.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c kernel/sys.c: avoid copying possible padding bytes in copy_to_user 2020-10-01 13:14:29 +02:00
sysctl_binary.c
sysctl.c
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
ucount.c
uid16.c
uid16.h
umh.c usermodehelper: reset umask to default before executing user process 2020-10-14 10:31:21 +02:00
up.c
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c