[PATCH v1 0/2] Fix misuse of security_capable()

From: Mickaël Salaün
Date: Fri Oct 30 2020 - 08:39:09 EST

Next message: Alejandro Colomar: "[PATCH 1/2] futex.2: srcfix"
Previous message: Mickaël Salaün: "[PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability"
Next in thread: Mickaël Salaün: "[PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This series replaces all the use of security_capable(current_cred(),
...) with ns_capable{,_noaudit}() which set PF_SUPERPRIV.

This initially come from a review of Landlock by Jann Horn:
https://lore.kernel.org/lkml/CAG48ez1FQVkt78129WozBwFbVhAPyAr9oJAHFHAbbNxEBr9h1g@xxxxxxxxxxxxxx/

Mickaël Salaün (2):
ptrace: Set PF_SUPERPRIV when checking capability
seccomp: Set PF_SUPERPRIV when checking capability

kernel/ptrace.c | 18 ++++++------------
kernel/seccomp.c | 5 ++---
2 files changed, 8 insertions(+), 15 deletions(-)

base-commit: 3650b228f83adda7e5ee532e2b90429c03f7b9ec
--
2.28.0

Next message: Alejandro Colomar: "[PATCH 1/2] futex.2: srcfix"
Previous message: Mickaël Salaün: "[PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability"
Next in thread: Mickaël Salaün: "[PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]