Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ee0cdfcb30
linux-stable/security
History
Stephen Smalley 5a91177ccf selinux: use default proc sid on symlinks 
commit ea6b184f7d upstream.

As we are not concerned with fine-grained control over reading of
symlinks in proc, always use the default proc SID for all proc symlinks.
This should help avoid permission issues upon changes to the proc tree
as in the /proc/net -> /proc/self/net example.
This does not alter labeling of symlinks within /proc/pid directories.
ls -Zd /proc/net output before and after the patch should show the difference.

Signed-off-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Florian Mickler <florian@mickler.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-08-26 16:40:12 -07:00
..
keys KEYS: find_keyring_by_name() can gain access to a freed keyring 2010-07-05 11:08:48 -07:00
selinux selinux: use default proc sid on symlinks 2010-08-26 16:40:12 -07:00
smack security/smack: fix oops when setting a size 0 SMACK64 xattr 2009-05-02 10:23:55 -07:00
capability.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
commoncap.c file caps: always start with clear bprm->caps_* 2008-11-06 19:05:55 -08:00
device_cgroup.c devices cgroup: allow mkfifo 2009-01-18 10:35:26 -08:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: use mmap_min_addr indepedently of security models 2009-07-19 20:44:59 -07:00
Makefile security: remove dummy module 2008-07-14 15:03:04 +10:00
root_plug.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
security.c nfsd: fix vm overcommit crash 2010-05-26 14:27:09 -07:00