linux

History

Paul Moore 5b589d44fa selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES We presently prevent processes from using setexecon() to set the security label of exec()'d processes when NO_NEW_PRIVS is enabled by returning an error; however, we silently ignore setexeccon() when exec()'ing from a nosuid mounted filesystem. This patch makes things a bit more consistent by returning an error in the setexeccon()/nosuid case. Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Andy Lutomirski <luto@amacapital.net> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>		2014-06-03 14:21:48 -05:00
..
include	selinux: Report permissive mode in avc: denied messages.	2014-06-03 14:21:48 -05:00
ss	selinux: add gfp argument to security_xfrm_policy_alloc and fix callers	2014-03-10 08:30:02 +01:00
.gitignore
avc.c	selinux: Report permissive mode in avc: denied messages.	2014-06-03 14:21:48 -05:00
exports.c	selinux: sparse fix: include selinux.h in exports.c	2011-09-09 16:56:32 -07:00
hooks.c	selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES	2014-06-03 14:21:48 -05:00
Kconfig
Makefile
netif.c	net: pass info struct via netdevice notifier	2013-05-28 13:11:01 -07:00
netlabel.c	selinux: ensure that the cached NetLabel secattr matches the desired SID	2013-12-04 16:08:17 -05:00
netlink.c	selinux: replace obsolete NLMSG_* with type safe nlmsg_*	2013-03-28 14:25:49 -04:00
netnode.c	selinux: fix problems in netnode when BUG() is compiled out	2013-07-25 13:03:27 -04:00
netport.c	SELinux: avc: remove the useless fields in avc_add_callback	2012-04-09 12:23:44 -04:00
nlmsgtab.c	selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types	2014-02-05 12:20:48 -05:00
selinuxfs.c	Merge commit 'v3.14' into next	2014-04-14 11:23:14 +10:00
xfrm.c	selinux: add gfp argument to security_xfrm_policy_alloc and fix callers	2014-03-10 08:30:02 +01:00