Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2024-12-28 16:52:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
74a96bbe12
linux-next/security
History
Ryan Lee 74a96bbe12 apparmor: audit_cap dedup based on subj_cred instead of profile 
The previous audit_cap cache deduping was based on the profile that was
being audited. This could cause confusion due to the deduplication then
occurring across multiple processes, which could happen if multiple
instances of binaries matched the same profile attachment (and thus ran
under the same profile) or a profile was attached to a container and its
processes.

Instead, perform audit_cap deduping over ad->subj_cred, which ensures the
deduping only occurs across a single process, instead of across all
processes that match the current one's profile.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2024-11-26 19:21:06 -08:00
..
apparmor apparmor: audit_cap dedup based on subj_cred instead of profile 2024-11-26 19:21:06 -08:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-09-11 10:11:36 -07:00
integrity This update includes the following changes: 2024-11-19 10:28:41 -08:00
ipe ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
keys KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation 2024-11-04 21:24:24 +02:00
landlock the bulk of struct fd memory safety stuff 2024-11-18 12:24:06 -08:00
loadpin fdget(), more trivial conversions 2024-11-03 01:28:06 -05:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux - The series "resource: A couple of cleanups" from Andy Shevchenko 2024-11-25 16:09:48 -08:00
smack lsm: remove lsm_prop scaffolding 2024-10-11 14:34:16 -04:00
tomoyo tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support 2024-10-04 11:41:22 -04:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c lsm: Use IS_ERR_OR_NULL() helper function 2024-08-29 11:12:13 -04:00
Kconfig lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
Kconfig.hardening hardening: Adjust dependencies in selection of MODVERSIONS 2024-09-28 13:56:03 -07:00
lsm_audit.c security: replace memcpy() with get_task_comm() 2024-11-05 17:12:29 -08:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c \n 2024-11-21 09:55:45 -08:00