mirror of
https://github.com/torvalds/linux.git
synced 2024-12-01 00:21:32 +00:00
4f189988a0
We presently prevent processes from using setexecon() to set the security label of exec()'d processes when NO_NEW_PRIVS is enabled by returning an error; however, we silently ignore setexeccon() when exec()'ing from a nosuid mounted filesystem. This patch makes things a bit more consistent by returning an error in the setexeccon()/nosuid case. Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Andy Lutomirski <luto@amacapital.net> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
---|---|---|
.. | ||
apparmor | ||
integrity | ||
keys | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
capability.c | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
Kconfig | ||
lsm_audit.c | ||
Makefile | ||
min_addr.c | ||
security.c |