aboutsummaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
AgeCommit message (Expand)AuthorFilesLines
2016-02-25ptrace: use fsuid, fsgid, effective creds for fs access checksJann Horn1-1/+6
2015-09-04capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISEAndy Lutomirski1-1/+2
2015-09-04capabilities: ambient capabilitiesAndy Lutomirski1-10/+92
2015-05-12LSM: Switch to lists of hooksCasey Schaufler1-8/+33
2015-04-15VFS: security/: d_backing_inode() annotationsDavid Howells1-3/+3
2015-01-25file->f_path.dentry is pinned down for as long as the file is open...Al Viro1-5/+1
2014-11-19kill f_dentry usesAl Viro1-1/+1
2014-07-24CAPABILITIES: remove undefined caps from all processesEric Paris1-0/+3
2014-07-24commoncap: don't alloc the credential unless needed in cap_task_prctlTetsuo Handa1-42/+30
2013-08-30capabilities: allow nice if we are privilegedSerge Hallyn1-4/+4
2013-08-30userns: Allow PR_CAPBSET_DROP in a user namespace.Eric W. Biederman1-1/+1
2013-02-26kill f_vfsmntAl Viro1-1/+1
2012-12-14Fix cap_capable to only allow owners in the parent user namespace to have caps.Eric W. Biederman1-8/+17
2012-05-31split ->file_mmap() into ->mmap_addr()/->mmap_file()Al Viro1-18/+3
2012-05-31split cap_mmap_addr() out of cap_file_mmap()Al Viro1-9/+23
2012-05-23Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-25/+36
2012-05-04Merge tag 'v3.4-rc5' into nextJames Morris1-0/+6
2012-05-03userns: Convert capabilities related permsion checksEric W. Biederman1-15/+26
2012-05-03userns: Store uid and gid values in struct cred with kuid_t and kgid_t typesEric W. Biederman1-2/+1
2012-04-26userns: Simplify the user_namespace by making userns->creator a kuid.Eric W. Biederman1-2/+3
2012-04-19security: fix compile error in commoncap.cJonghwan Choi1-0/+1
2012-04-18fcaps: clear the same personality flags as suid when fcaps are usedEric Paris1-0/+5
2012-04-14Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privsAndy Lutomirski1-2/+5
2012-04-07userns: Add an explicit reference to the parent user namespaceEric W. Biederman1-1/+1
2012-04-07userns: Use cred->user_ns instead of cred->user->user_nsEric W. Biederman1-7/+7
2012-02-14security: trim security.hAl Viro1-0/+1
2012-01-14Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-securityLinus Torvalds1-17/+7
2012-01-05security: remove the security_netlink_recv hook as it is equivalent to capable()Eric Paris1-8/+0
2012-01-05capabilities: remove the task from capable LSM hook entirelyEric Paris1-9/+7
2011-08-16capabilities: initialize has_capSerge Hallyn1-1/+1
2011-08-12capabilities: do not grant full privs for setuid w/ file caps + no effective ...Zhi Li1-6/+10
2011-04-04capabilities: do not special case exec of initEric Paris1-9/+4
2011-03-23userns: allow ptrace from non-init user namespacesSerge E. Hallyn1-8/+32
2011-03-23userns: security: make capabilities relative to the user namespaceSerge E. Hallyn1-7/+31
2011-03-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6Linus Torvalds1-2/+1
2011-03-03netlink: kill eff_cap from struct netlink_skb_parmsPatrick McHardy1-2/+1
2011-02-02time: Correct the *settime* parametersRichard Cochran1-1/+1
2010-11-15capabilities/syslog: open code cap_syslog logic to fix build failureEric Paris1-21/+0
2010-11-12Restrict unprivileged access to kernel syslogDan Rosenberg1-0/+2
2010-10-21security: remove unused parameter from security_task_setscheduler()KOSAKI Motohiro1-4/+1
2010-08-17Make do_execve() take a const filename pointerDavid Howells1-1/+1
2010-04-23security: whitespace coding style fixesJustin P. Mattock1-2/+2
2010-04-20Security: Fix the comment of cap_file_mmap()wzt.wzt@gmail.com1-1/+1
2010-02-05syslog: clean up needless commentKees Cook1-1/+0
2010-02-04syslog: use defined constants instead of raw numbersKees Cook1-2/+3
2010-02-04syslog: distinguish between /proc/kmsg and syscallsKees Cook1-1/+6
2009-11-24remove CONFIG_SECURITY_FILE_CAPABILITIES compile optionSerge E. Hallyn1-70/+2
2009-10-20security: remove root_plugJames Morris1-1/+1
2009-08-06Security/SELinux: seperate lsm specific mmap_min_addrEric Paris1-1/+1
2009-08-06Capabilities: move cap_file_mmap to commoncap.cEric Paris1-0/+30
2009-06-25security: rename ptrace_may_access => ptrace_access_checkIngo Molnar1-2/+2
2009-05-08Merge branch 'master' into nextJames Morris1-1/+0
2009-04-09cap_prctl: don't set error to 0 at 'no_change'Serge E. Hallyn1-1/+0
2009-04-03don't raise all privs on setuid-root file with fE set (v2)Serge E. Hallyn1-0/+32
2009-01-07Merge branch 'next' into for-linusJames Morris1-15/+14
2009-01-07CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #3]David Howells1-15/+14
2009-01-07Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() ...James Morris1-29/+13
2009-01-05inode->i_op is never NULLAl Viro1-3/+3
2009-01-05CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]David Howells1-13/+29
2008-11-15capabilities: define get_vfs_caps_from_disk when file caps are not enabledEric Paris1-0/+6
2008-11-14CRED: Prettify commoncap.cDavid Howells1-52/+248
2008-11-14CRED: Make execve() take advantage of copy-on-write credentialsDavid Howells1-76/+76
2008-11-14CRED: Inaugurate COW credentialsDavid Howells1-140/+125
2008-11-14CRED: Use RCU to access another task's creds and to release a task's own credsDavid Howells1-24/+40
2008-11-14CRED: Wrap current->cred and a few other accessorsDavid Howells1-1/+1
2008-11-14CRED: Separate task security context from task_structDavid Howells1-76/+85
2008-11-14CRED: Constify the kernel_cap_t arguments to the capset LSM hooksDavid Howells1-4/+6
2008-11-14CRED: Neuter sys_capset()David Howells1-21/+8
2008-11-14CRED: Wrap task credential accesses in the capabilities codeDavid Howells1-12/+18
2008-11-11Add a new capable interface that will be used by systems that use audit toEric Paris1-4/+4
2008-11-11Any time fcaps or a setuid app under SECURE_NOROOT is used to result in aEric Paris1-1/+22
2008-11-11This patch add a generic cpu endian caps structure and externally availableEric Paris1-58/+71
2008-11-06file capabilities: add no_file_caps switch (v4)Serge E. Hallyn1-0/+3
2008-11-01file caps: always start with clear bprm->caps_*Serge Hallyn1-3/+3
2008-09-27file capabilities: uninline cap_safe_niceSerge E. Hallyn1-1/+1
2008-08-14security: Fix setting of PF_SUPERPRIV by __capable()David Howells1-7/+17
2008-07-24security: protect legacy applications from executing with insufficient privilegeAndrew G. Morgan1-49/+59
2008-07-14Security: split proc ptrace checking into read vs. attachStephen Smalley1-1/+2
2008-07-04security: filesystem capabilities: fix CAP_SETPCAP handlingAndrew G. Morgan1-3/+10
2008-04-29xattr: add missing consts to function argumentsDavid Howells1-3/+3
2008-04-28capabilities: implement per-process securebitsAndrew G. Morgan1-9/+94
2008-04-18security: replace remaining __FUNCTION__ occurrencesHarvey Harrison1-2/+2
2008-03-20file capabilities: remove cap_task_kill()Serge Hallyn1-40/+0
2008-02-23file capabilities: simplify signal checkSerge E. Hallyn1-1/+1
2008-02-05capabilities: introduce per-process capability bounding setSerge E. Hallyn1-17/+27
2008-02-05Add 64-bit capability support to the kernelAndrew Morgan1-30/+57
2008-02-05revert "capabilities: clean up file capability reading"Andrew Morton1-15/+8
2008-01-21Fix filesystem capability supportAndrew G. Morgan1-3/+10
2007-11-29file capabilities: don't prevent signaling setuid root programsSerge E. Hallyn1-0/+9
2007-11-14file capabilities: allow sigcont within sessionSerge E. Hallyn1-0/+4
2007-10-22capabilities: clean up file capability readingSerge E. Hallyn1-8/+15
2007-10-19pid namespaces: define is_global_init() and is_container_init()Serge E. Hallyn1-1/+2
2007-10-18V3 file capabilities: alter behavior of cap_setpcapAndrew Morgan1-5/+54
2007-10-17security/ cleanupsAdrian Bunk1-21/+0
2007-10-17Implement file posix capabilitiesSerge E. Hallyn1-16/+228
2007-10-17security: Convert LSM into a static interfaceJames Morris1-3/+0
2007-08-22fix NULL pointer dereference in __vm_enough_memory()Alan Cox1-2/+2
2007-07-19coredump masking: reimplementation of dumpable using two flagsKawai, Hidehiro1-1/+1
2007-05-08header cleaning: don't include smp_lock.h when not usedRandy Dunlap1-1/+0
2006-09-29[PATCH] pidspace: is_init()Sukadev Bhattiprolu1-1/+1
2006-06-30Remove obsolete #include <linux/config.h>Jörn Engel1-1/+0
2006-06-29[NETLINK]: Encapsulate eff_cap usage within security framework.Darrel Goeddel1-2/+2
2006-03-25[PATCH] make cap_ptrace enforce PTRACE_TRACME checksChris Wright1-2/+2
2006-01-11[PATCH] move capable() to capability.hRandy.Dunlap1-0/+1
2005-06-23[PATCH] setuid core dumpAlan Cox1-1/+1
2005-04-16Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+345
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-31 08:06:47 +0000