aboutsummaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
AgeCommit message (Expand)AuthorFilesLines
2023-11-12lsm: mark the lsm_id variables are marked as staticPaul Moore1-1/+1
2023-11-12LSM: Identify modules by more than nameCasey Schaufler1-1/+7
2023-09-13lsm: constify 'file' parameter in security_bprm_creds_from_file()Khadija Kamran1-2/+2
2023-08-08lsm: constify the 'target' parameter in security_capget()Khadija Kamran1-1/+1
2023-05-25lsm: fix a number of misspellingsPaul Moore1-10/+10
2023-03-20selinux: remove the runtime disable functionalityPaul Moore1-1/+1
2023-03-01capability: just use a 'u64' instead of a 'u32[2]' arrayLinus Torvalds1-27/+22
2023-01-19fs: port vfs{g,u}id helpers to mnt_idmapChristian Brauner1-6/+3
2023-01-19fs: port privilege checking helpers to mnt_idmapChristian Brauner1-3/+2
2023-01-19fs: port xattr to mnt_idmapChristian Brauner1-27/+30
2023-01-19fs: port ->permission() to pass mnt_idmapChristian Brauner1-2/+3
2022-12-13Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-13/+9
2022-12-12Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-25/+26
2022-11-18lsm,fs: fix vfs_getxattr_alloc() return type and caller error pathsPaul Moore1-12/+10
2022-10-28capabilities: fix potential memleak on error path from vfs_getxattr_alloc()Gaosheng Cui1-2/+4
2022-10-26caps: use type safe idmapping helpersChristian Brauner1-25/+26
2021-12-05fs: support mapped mounts of mapped filesystemsChristian Brauner1-5/+4
2021-12-03fs: use low-level mapping helpersChristian Brauner1-5/+8
2021-12-03fs: move mapping helpersChristian Brauner1-0/+1
2021-04-27Merge tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds1-18/+34
2021-04-15security: commoncap: clean up kernel-doc commentsRandy Dunlap1-17/+33
2021-03-24security: commoncap: fix -Wstringop-overread warningArnd Bergmann1-1/+1
2021-03-12Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file cap...Eric W. Biederman1-11/+1
2021-02-23Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-20/+88
2021-02-22Merge branch 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+11
2021-01-28cap: fix conversions on getxattrMiklos Szeredi1-24/+43
2021-01-24commoncap: handle idmapped mountsChristian Brauner1-13/+49
2021-01-24xattr: handle idmapped mountsTycho Andersen1-3/+3
2021-01-24acl: handle idmapped mountsChristian Brauner1-7/+38
2021-01-24capability: handle idmapped mountsChristian Brauner1-2/+3
2020-12-29capabilities: Don't allow writing ambiguous v3 file capabilitiesEric W. Biederman1-1/+11
2020-12-14vfs: move cap_convert_nscap() call into vfs_setxattr()Miklos Szeredi1-2/+1
2020-05-29exec: Compute file based creds only onceEric W. Biederman1-11/+13
2020-05-29exec: Add a per bprm->file version of per_clearEric W. Biederman1-1/+1
2020-05-27Merge commit a4ae32c71fe9 ("exec: Always set cap_ambient in cap_bprm_set_creds")Eric W. Biederman1-0/+1
2020-05-26exec: Always set cap_ambient in cap_bprm_set_credsEric W. Biederman1-0/+1
2020-05-21exec: Convert security_bprm_set_creds into security_bprm_repopulate_credsEric W. Biederman1-5/+4
2019-07-09Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds1-3/+3
2019-07-07security/commoncap: Use xattr security prefix lenCarmeli Tamir1-2/+2
2019-06-11security: Make capability_hooks staticYueHaibing1-1/+1
2019-05-30treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152Thomas Gleixner1-6/+1
2019-03-07Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-0/+2
2019-02-25LSM: Update function documentation for cap_capableMicah Morton1-1/+1
2019-01-25audit: add support for fcaps v3Richard Guy Briggs1-0/+2
2019-01-10LSM: generalize flag passing to security_capableMicah Morton1-8/+9
2019-01-08capability: Initialize as LSM_ORDER_FIRSTKees Cook1-1/+8
2018-12-12security: audit and remove any unnecessary uses of module.hPaul Gortmaker1-1/+0
2018-09-04Merge tag 'v4.19-rc2' into next-generalJames Morris1-1/+1
2018-08-29security/capabilities: remove check for -EINVALChristian Brauner1-3/+0
2018-08-11cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()Eddie.Horng1-1/+1
2018-05-24capabilities: Allow privileged user in s_user_ns to set security.* xattrsEric W. Biederman1-2/+6
2018-04-10commoncap: Handle memory allocation failure.Tetsuo Handa1-0/+2
2018-01-02capabilities: fix buffer overread on very short xattrEric Biggers1-12/+9
2017-11-13Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-65/+128
2017-10-20capabilities: audit log other surprising conditionsRichard Guy Briggs1-7/+22
2017-10-20capabilities: fix logic for effective root or real rootRichard Guy Briggs1-3/+2
2017-10-20capabilities: invert logic for clarityRichard Guy Briggs1-4/+4
2017-10-20capabilities: remove a layer of conditional logicRichard Guy Briggs1-13/+10
2017-10-20capabilities: move audit log decision to functionRichard Guy Briggs1-20/+30
2017-10-20capabilities: use intuitive names for id changesRichard Guy Briggs1-6/+22
2017-10-20capabilities: use root_priveleged inline to clarify logicRichard Guy Briggs1-2/+4
2017-10-20capabilities: rename has_cap to has_fcapRichard Guy Briggs1-10/+10
2017-10-20capabilities: intuitive names for cap gain statusRichard Guy Briggs1-7/+11
2017-10-20capabilities: factor out cap_bprm_set_creds privileged rootRichard Guy Briggs1-28/+48
2017-10-19commoncap: move assignment of fs_ns to avoid null pointer dereferenceColin Ian King1-1/+2
2017-09-24Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-3/+3
2017-09-23security: fix description of values returned by cap_inode_need_killprivStefan Berger1-3/+3
2017-09-11Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-21/+256
2017-09-01Introduce v3 namespaced file capabilitiesSerge E. Hallyn1-19/+251
2017-08-01commoncap: Move cap_elevated calculation into bprm_set_credsKees Cook1-42/+10
2017-08-01commoncap: Refactor to remove bprm_secureexec hookKees Cook1-4/+8
2017-07-20security: Use user_namespace::level to avoid redundant iterations in cap_capa...Kirill Tkhai1-2/+5
2017-03-06security: mark LSM hooks as __ro_after_initJames Morris1-1/+1
2017-02-23Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-2/+3
2017-01-24exec: Remove LSM_UNSAFE_PTRACE_CAPEric W. Biederman1-1/+1
2017-01-24exec: Test the ptracer's saved cred to see if the tracee can gain capsEric W. Biederman1-1/+2
2017-01-24exec: Don't reset euid and egid when the tracee has CAP_SETUIDEric W. Biederman1-1/+1
2017-01-19LSM: Add /sys/kernel/security/lsmCasey Schaufler1-1/+2
2016-10-07xattr: Add __vfs_{get,set,remove}xattr helpersAndreas Gruenbacher1-15/+10
2016-06-24fs: Treat foreign mounts as nosuidAndy Lutomirski1-1/+7
2016-06-24fs: Limit file caps to the user namespace of the super blockSeth Forshee1-0/+2
2016-05-17Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds1-3/+3
2016-04-22security: Introduce security_settime64()Baolin Wang1-1/+1
2016-04-11->getxattr(): pass dentry and inode as separate argumentsAl Viro1-3/+3
2016-01-20ptrace: use fsuid, fsgid, effective creds for fs access checksJann Horn1-1/+6
2015-09-04capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISEAndy Lutomirski1-1/+2
2015-09-04capabilities: ambient capabilitiesAndy Lutomirski1-10/+92
2015-05-12LSM: Switch to lists of hooksCasey Schaufler1-8/+33
2015-04-15VFS: security/: d_backing_inode() annotationsDavid Howells1-3/+3
2015-01-25file->f_path.dentry is pinned down for as long as the file is open...Al Viro1-5/+1
2014-11-19kill f_dentry usesAl Viro1-1/+1
2014-07-24CAPABILITIES: remove undefined caps from all processesEric Paris1-0/+3
2014-07-24commoncap: don't alloc the credential unless needed in cap_task_prctlTetsuo Handa1-42/+30
2013-08-30capabilities: allow nice if we are privilegedSerge Hallyn1-4/+4
2013-08-30userns: Allow PR_CAPBSET_DROP in a user namespace.Eric W. Biederman1-1/+1
2013-02-26kill f_vfsmntAl Viro1-1/+1
2012-12-14Fix cap_capable to only allow owners in the parent user namespace to have caps.Eric W. Biederman1-8/+17
2012-05-31split ->file_mmap() into ->mmap_addr()/->mmap_file()Al Viro1-18/+3
2012-05-31split cap_mmap_addr() out of cap_file_mmap()Al Viro1-9/+23
2012-05-23Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-25/+36
2012-05-04Merge tag 'v3.4-rc5' into nextJames Morris1-0/+6
2012-05-03userns: Convert capabilities related permsion checksEric W. Biederman1-15/+26
2012-05-03userns: Store uid and gid values in struct cred with kuid_t and kgid_t typesEric W. Biederman1-2/+1
2012-04-26userns: Simplify the user_namespace by making userns->creator a kuid.Eric W. Biederman1-2/+3
2012-04-19security: fix compile error in commoncap.cJonghwan Choi1-0/+1
2012-04-18fcaps: clear the same personality flags as suid when fcaps are usedEric Paris1-0/+5
2012-04-14Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privsAndy Lutomirski1-2/+5
2012-04-07userns: Add an explicit reference to the parent user namespaceEric W. Biederman1-1/+1
2012-04-07userns: Use cred->user_ns instead of cred->user->user_nsEric W. Biederman1-7/+7
2012-02-14security: trim security.hAl Viro1-0/+1
2012-01-14Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-securityLinus Torvalds1-17/+7
2012-01-05security: remove the security_netlink_recv hook as it is equivalent to capable()Eric Paris1-8/+0
2012-01-05capabilities: remove the task from capable LSM hook entirelyEric Paris1-9/+7
2011-08-16capabilities: initialize has_capSerge Hallyn1-1/+1
2011-08-12capabilities: do not grant full privs for setuid w/ file caps + no effective ...Zhi Li1-6/+10
2011-04-04capabilities: do not special case exec of initEric Paris1-9/+4
2011-03-23userns: allow ptrace from non-init user namespacesSerge E. Hallyn1-8/+32
2011-03-23userns: security: make capabilities relative to the user namespaceSerge E. Hallyn1-7/+31
2011-03-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6Linus Torvalds1-2/+1
2011-03-03netlink: kill eff_cap from struct netlink_skb_parmsPatrick McHardy1-2/+1
2011-02-02time: Correct the *settime* parametersRichard Cochran1-1/+1
2010-11-15capabilities/syslog: open code cap_syslog logic to fix build failureEric Paris1-21/+0
2010-11-12Restrict unprivileged access to kernel syslogDan Rosenberg1-0/+2
2010-10-21security: remove unused parameter from security_task_setscheduler()KOSAKI Motohiro1-4/+1
2010-08-17Make do_execve() take a const filename pointerDavid Howells1-1/+1
2010-04-23security: whitespace coding style fixesJustin P. Mattock1-2/+2
2010-04-20Security: Fix the comment of cap_file_mmap()wzt.wzt@gmail.com1-1/+1
2010-02-05syslog: clean up needless commentKees Cook1-1/+0
2010-02-04syslog: use defined constants instead of raw numbersKees Cook1-2/+3
2010-02-04syslog: distinguish between /proc/kmsg and syscallsKees Cook1-1/+6
2009-11-24remove CONFIG_SECURITY_FILE_CAPABILITIES compile optionSerge E. Hallyn1-70/+2
2009-10-20security: remove root_plugJames Morris1-1/+1
2009-08-06Security/SELinux: seperate lsm specific mmap_min_addrEric Paris1-1/+1
2009-08-06Capabilities: move cap_file_mmap to commoncap.cEric Paris1-0/+30
2009-06-25security: rename ptrace_may_access => ptrace_access_checkIngo Molnar1-2/+2
2009-05-08Merge branch 'master' into nextJames Morris1-1/+0
2009-04-09cap_prctl: don't set error to 0 at 'no_change'Serge E. Hallyn1-1/+0
2009-04-03don't raise all privs on setuid-root file with fE set (v2)Serge E. Hallyn1-0/+32
2009-01-07Merge branch 'next' into for-linusJames Morris1-15/+14
2009-01-07CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #3]David Howells1-15/+14
2009-01-07Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() ...James Morris1-29/+13
2009-01-05inode->i_op is never NULLAl Viro1-3/+3
2009-01-05CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]David Howells1-13/+29
2008-11-15capabilities: define get_vfs_caps_from_disk when file caps are not enabledEric Paris1-0/+6
2008-11-14CRED: Prettify commoncap.cDavid Howells1-52/+248
2008-11-14CRED: Make execve() take advantage of copy-on-write credentialsDavid Howells1-76/+76
2008-11-14CRED: Inaugurate COW credentialsDavid Howells1-140/+125
2008-11-14CRED: Use RCU to access another task's creds and to release a task's own credsDavid Howells1-24/+40
2008-11-14CRED: Wrap current->cred and a few other accessorsDavid Howells1-1/+1
2008-11-14CRED: Separate task security context from task_structDavid Howells1-76/+85
2008-11-14CRED: Constify the kernel_cap_t arguments to the capset LSM hooksDavid Howells1-4/+6
2008-11-14CRED: Neuter sys_capset()David Howells1-21/+8
2008-11-14CRED: Wrap task credential accesses in the capabilities codeDavid Howells1-12/+18
2008-11-11Add a new capable interface that will be used by systems that use audit toEric Paris1-4/+4
2008-11-11Any time fcaps or a setuid app under SECURE_NOROOT is used to result in aEric Paris1-1/+22
2008-11-11This patch add a generic cpu endian caps structure and externally availableEric Paris1-58/+71
2008-11-06file capabilities: add no_file_caps switch (v4)Serge E. Hallyn1-0/+3
2008-11-01file caps: always start with clear bprm->caps_*Serge Hallyn1-3/+3
2008-09-27file capabilities: uninline cap_safe_niceSerge E. Hallyn1-1/+1
2008-08-14security: Fix setting of PF_SUPERPRIV by __capable()David Howells1-7/+17
2008-07-24security: protect legacy applications from executing with insufficient privilegeAndrew G. Morgan1-49/+59
2008-07-14Security: split proc ptrace checking into read vs. attachStephen Smalley1-1/+2
2008-07-04security: filesystem capabilities: fix CAP_SETPCAP handlingAndrew G. Morgan1-3/+10
2008-04-29xattr: add missing consts to function argumentsDavid Howells1-3/+3
2008-04-28capabilities: implement per-process securebitsAndrew G. Morgan1-9/+94
2008-04-18security: replace remaining __FUNCTION__ occurrencesHarvey Harrison1-2/+2
2008-03-20file capabilities: remove cap_task_kill()Serge Hallyn1-40/+0
2008-02-23file capabilities: simplify signal checkSerge E. Hallyn1-1/+1
2008-02-05capabilities: introduce per-process capability bounding setSerge E. Hallyn1-17/+27
2008-02-05Add 64-bit capability support to the kernelAndrew Morgan1-30/+57
2008-02-05revert "capabilities: clean up file capability reading"Andrew Morton1-15/+8
2008-01-21Fix filesystem capability supportAndrew G. Morgan1-3/+10
2007-11-29file capabilities: don't prevent signaling setuid root programsSerge E. Hallyn1-0/+9
2007-11-14file capabilities: allow sigcont within sessionSerge E. Hallyn1-0/+4
2007-10-22capabilities: clean up file capability readingSerge E. Hallyn1-8/+15
2007-10-19pid namespaces: define is_global_init() and is_container_init()Serge E. Hallyn1-1/+2
2007-10-18V3 file capabilities: alter behavior of cap_setpcapAndrew Morgan1-5/+54
2007-10-17security/ cleanupsAdrian Bunk1-21/+0
2007-10-17Implement file posix capabilitiesSerge E. Hallyn1-16/+228
2007-10-17security: Convert LSM into a static interfaceJames Morris1-3/+0
2007-08-22fix NULL pointer dereference in __vm_enough_memory()Alan Cox1-2/+2
2007-07-19coredump masking: reimplementation of dumpable using two flagsKawai, Hidehiro1-1/+1
2007-05-08header cleaning: don't include smp_lock.h when not usedRandy Dunlap1-1/+0
2006-09-29[PATCH] pidspace: is_init()Sukadev Bhattiprolu1-1/+1
2006-06-30Remove obsolete #include <linux/config.h>Jörn Engel1-1/+0
2006-06-29[NETLINK]: Encapsulate eff_cap usage within security framework.Darrel Goeddel1-2/+2
2006-03-25[PATCH] make cap_ptrace enforce PTRACE_TRACME checksChris Wright1-2/+2
2006-01-11[PATCH] move capable() to capability.hRandy.Dunlap1-0/+1
2005-06-23[PATCH] setuid core dumpAlan Cox1-1/+1
2005-04-16Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+345
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-09 15:20:59 +0000