linux/security
Linus Torvalds 0c95f02269 Landlock fix for v6.0-rc4
-----BEGIN PGP SIGNATURE-----
 
 iIYEABYIAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCYxILwxAcbWljQGRpZ2lr
 b2QubmV0AAoJEOXj0OiMgvbSdu4BANqLdLqVhylwJRjZS91rpxrtwp6bOTxtR6+Q
 aSVtD2ZlAQCEl4/twUSO0mARkkprXXqNsjGcQ8wxN9JrxtcXAlaBCQ==
 =uVMR
 -----END PGP SIGNATURE-----

Merge tag 'landlock-6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock fix from Mickaël Salaün:
 "This fixes a mis-handling of the LANDLOCK_ACCESS_FS_REFER right when
  multiple rulesets/domains are stacked.

  The expected behaviour was that an additional ruleset can only
  restrict the set of permitted operations, but in this particular case,
  it was potentially possible to re-gain the LANDLOCK_ACCESS_FS_REFER
  right"

* tag 'landlock-6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER
2022-09-02 15:24:08 -07:00
..
apparmor apparmor: correct config reference to intended one 2022-07-20 13:22:19 -07:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity-v6.0 2022-08-02 15:21:18 -07:00
keys KEYS: trusted: tpm2: Fix migratable logic 2022-06-08 14:12:13 +03:00
landlock landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER 2022-09-02 15:29:08 +02:00
loadpin LoadPin: Return EFAULT on copy_from_user() failures 2022-08-16 12:17:18 -07:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux selinux: implement the security_uring_cmd() LSM hook 2022-08-26 11:19:43 -04:00
smack Smack: Provide read control for io_uring_cmd 2022-08-26 14:56:35 -04:00
tomoyo LSM: Remove double path_rename hook calls for RENAME_EXCHANGE 2022-05-23 13:27:58 +02:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean 2022-01-19 12:51:30 -08:00
inode.c
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-06-29 17:43:41 +02:00
Kconfig.hardening randstruct: Enable Clang support 2022-05-08 01:33:07 -07:00
lsm_audit.c selinux: log anon inode class name 2022-05-03 16:09:03 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm,io_uring: add LSM hooks for the new uring_cmd file op 2022-08-26 11:19:43 -04:00