q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/security
History
Eric Paris 84336d1a77 SELinux: call cap_file_mmap in selinux_file_mmap 
Currently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This
means there is no DAC check on the ability to mmap low addresses in the
memory space.  This function adds the DAC check for CAP_SYS_RAWIO while
maintaining the selinux check on mmap_zero.  This means that processes
which need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will
NOT need the SELinux sys_rawio capability.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
 		2009-08-06 09:02:21 +10:00
..
integrity/ima integrity: add ima_counts_put (updated) 2009-06-29 08:59:10 +10:00
keys kernel: rename is_single_threaded(task) to current_is_single_threaded(void) 2009-07-17 09:10:42 +10:00
selinux SELinux: call cap_file_mmap in selinux_file_mmap 2009-08-06 09:02:21 +10:00
smack security/smack: Use AF_INET for sin_family field 2009-08-06 08:46:15 +10:00
tomoyo TOMOYO: Remove next_domain from tomoyo_find_next_domain(). 2009-06-19 18:48:18 +10:00
Kconfig security: use mmap_min_addr indepedently of security models 2009-06-04 12:07:48 +10:00
Makefile Revert "SELinux: Convert avc_audit to use lsm_audit.h" 2009-07-13 10:39:36 +10:00
capability.c Capabilities: move cap_file_mmap to commoncap.c 2009-08-06 09:02:17 +10:00
commoncap.c Capabilities: move cap_file_mmap to commoncap.c 2009-08-06 09:02:17 +10:00
device_cgroup.c devcgroup: skip superfluous checks when found the DEV_ALL elem 2009-06-18 13:03:47 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
lsm_audit.c smack: implement logging V3 2009-04-14 09:00:19 +10:00
root_plug.c rootplug: Remove redundant initialization. 2009-05-27 13:30:46 +10:00
security.c security: rename ptrace_may_access => ptrace_access_check 2009-06-25 00:18:05 +10:00