TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
985ee7f224
twx-linux/security
History
Andrew G. Morgan 1209726ce9 security: filesystem capabilities: fix CAP_SETPCAP handling 
The filesystem capability support meaning for CAP_SETPCAP is less powerful
than the non-filesystem capability support.  As such, when filesystem
capabilities are configured, we should not permit CAP_SETPCAP to 'enhance'
the current process through strace manipulation of a child process.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-07-04 10:40:08 -07:00
..
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
smack Smack: fuse mount hang fix 2008-06-04 08:50:43 -07:00
capability.c capabilities: implement per-process securebits 2008-04-28 08:58:26 -07:00
commoncap.c security: filesystem capabilities: fix CAP_SETPCAP handling 2008-07-04 10:40:08 -07:00
device_cgroup.c devscgroup: make white list more compact in some cases 2008-06-06 11:29:11 -07:00
dummy.c capabilities: add (back) dummy support for KEEPCAPS 2008-06-12 18:05:40 -07:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: enhance DEFAULT_MMAP_MIN_ADDR description 2008-04-18 20:26:18 +10:00
Makefile cgroups: implement device whitelist 2008-04-29 08:06:09 -07:00
root_plug.c root_plug: use cap_task_prctl 2008-04-28 08:58:27 -07:00
security.c Security: Make secctx_to_secid() take const secdata 2008-04-30 08:23:51 +10:00