linux-IllusionX/security
Christian Göttsche 2d7f105edb security: keys: perform capable check only on privileged operations
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)`, LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-07-28 18:07:41 +00:00
apparmor + Bug Fixes 2023-07-07 09:55:31 -07:00
bpf
integrity powerpc updates for 6.5 2023-06-30 09:20:08 -07:00
keys security: keys: perform capable check only on privileged operations 2023-07-28 18:07:41 +00:00
landlock hostfs: Fix ephemeral inodes 2023-06-12 21:26:19 +02:00
loadpin
lockdown
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux
smack
tomoyo mm/gup: remove vmas parameter from get_user_pages_remote() 2023-06-09 16:25:26 -07:00
yama
commoncap.c
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c
Kconfig
Kconfig.hardening
lsm_audit.c
Makefile
min_addr.c
security.c lsm/stable-6.5 PR 20230626 2023-06-27 17:24:26 -07:00