From: Micah Morton <mortonm@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: [GIT PULL] SafeSetID changes for v5.10
Date: Thu, 15 Oct 2020 11:15:18 -0700 [thread overview]
Message-ID: <CAJ-EccOQxDjSgUL0AsCywoKDbOUNWDyxCKHQc+s6+ZemUh9Uzw@mail.gmail.com> (raw)
The following changes since commit bbf5c979011a099af5dc76498918ed7df445635b:
Linux 5.9 (2020-10-11 14:15:50 -0700)
are available in the Git repository at:
https://github.com/micah-morton/linux.git tags/safesetid-5.10
for you to fetch changes up to 03ca0ec138927b16fab0dad7b869f42eb2849c94:
LSM: SafeSetID: Fix warnings reported by test bot (2020-10-13 09:17:36 -0700)
----------------------------------------------------------------
SafeSetID changes for v5.10
The changes in this pull request are mostly contained to within the
SafeSetID LSM, with the exception of a few 1-line changes to change
some ns_capable() calls to ns_capable_setid() -- causing a flag
(CAP_OPT_INSETID) to be set that is examined by SafeSetID code and
nothing else in the kernel. These changes have been baking in -next and
actually were in -next for the entire v5.9 merge window but I didn't
have a chance to send them.
The changes to SafeSetID internally allow for setting up GID transition
security policies, as already existed for UIDs.
NOTE: I'm re-using my safesetid-next branch here as the branch for
creating the pull request. I think that's fine, not sure if this is the
normal workflow or not. Also, I use 'git rebase vX.X' to put my commits
on top of the latest stable release. Again, I verified with gitk that I
don't have any weird history in my branch that will mess things up so
AFAICT that should be fine too.
----------------------------------------------------------------
Thomas Cedeno (3):
LSM: Signal to SafeSetID when setting group IDs
LSM: SafeSetID: Add GID security policy handling
LSM: SafeSetID: Fix warnings reported by test bot
Documentation/admin-guide/LSM/SafeSetID.rst | 29 +++--
kernel/capability.c | 2 +-
kernel/groups.c | 2 +-
kernel/sys.c | 10 +-
security/safesetid/lsm.c | 190 +++++++++++++++++++++-------
security/safesetid/lsm.h | 38 ++++--
security/safesetid/securityfs.c | 190 ++++++++++++++++++++--------
7 files changed, 336 insertions(+), 125 deletions(-)
next reply other threads:[~2020-10-15 18:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-15 18:15 Micah Morton [this message]
2020-10-15 23:06 ` [GIT PULL] SafeSetID changes for v5.10 Linus Torvalds
2020-10-16 0:01 ` Micah Morton
2020-10-23 17:57 ` Linus Torvalds
2020-10-23 19:14 ` Micah Morton
2020-10-25 17:54 ` Linus Torvalds
2020-10-27 16:14 ` Micah Morton
2020-10-25 18:35 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJ-EccOQxDjSgUL0AsCywoKDbOUNWDyxCKHQc+s6+ZemUh9Uzw@mail.gmail.com \
--to=mortonm@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).