Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/security
History
Miklos Szeredi f2b00be488 cap: fix conversions on getxattr 
If a capability is stored on disk in v2 format cap_inode_getsecurity() will
currently return in v2 format unconditionally.

This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid,
and so the same conversions performed on it.

If the rootid cannot be mapped, v3 is returned unconverted.  Fix this so
that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs
user namespace in case of v2) cannot be mapped into the current user
namespace.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
 		2021-01-28 10:22:48 +01:00
..
apparmor apparmor: remove duplicate macro list_entry_is_head() 2020-12-15 22:46:19 -08:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity EFI updates collected by Ard Biesheuvel: 2020-12-24 12:40:07 -08:00
keys Networking updates for 5.11 2020-12-15 13:22:29 -08:00
loadpin
lockdown
safesetid
selinux selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
smack Provide a fix for the incorrect handling of privilege 2020-12-24 14:08:43 -08:00
tomoyo tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
yama
Kconfig
Kconfig.hardening
Makefile
commoncap.c cap: fix conversions on getxattr 2021-01-28 10:22:48 +01:00
device_cgroup.c
inode.c
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-16 15:11:35 -05:00
min_addr.c
security.c selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00