From: Micah Morton <mortonm@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: [GIT PULL] SafeSetID changes for v6.0
Date: Mon, 1 Aug 2022 19:42:26 -0700 [thread overview]
Message-ID: <CAJ-EccPH46FGKQj8gYEg5HGpmmRiqzrZouTZauwpvX-+2j4GNA@mail.gmail.com> (raw)
The following changes since commit 32346491ddf24599decca06190ebca03ff9de7f8:
Linux 5.19-rc6 (2022-07-10 14:40:51 -0700)
are available in the Git repository at:
https://github.com/micah-morton/linux.git tags/safesetid-6.0
for you to fetch changes up to 64b634830c919979de4b18163e15d30df66e64a8:
LSM: SafeSetID: add setgroups() testing to selftest (2022-07-15
18:24:42 +0000)
----------------------------------------------------------------
This pull request contains one commit that touches common kernel code,
one that adds functionality internal to the SafeSetID LSM code, and a
few other commits that only modify the SafeSetID LSM selftest.
The commit that touches common kernel code simply adds an LSM hook in
the setgroups() syscall that mirrors what is done for the existing LSM
hooks in the setuid() and setgid() syscalls. This commit combined with
the SafeSetID-specific one allow the LSM to filter setgroups() calls
according to configured rule sets in the same way that is already done
for setuid() and setgid().
The changes are based on v5.19-rc6 and have been in -next.
----------------------------------------------------------------
Micah Morton (6):
LSM: SafeSetID: fix userns bug in selftest
LSM: SafeSetID: selftest cleanup and prepare for GIDs
LSM: SafeSetID: add GID testing to selftest
security: Add LSM hook to setgroups() syscall
LSM: SafeSetID: Add setgroups() security policy handling
LSM: SafeSetID: add setgroups() testing to selftest
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 7 +
include/linux/security.h | 7 +
kernel/groups.c | 13 +
security/safesetid/lsm.c | 39 ++-
security/security.c | 5 +
tools/testing/selftests/safesetid/Makefile | 2 +-
tools/testing/selftests/safesetid/safesetid-test.c | 295 ++++++++++++++++++---
8 files changed, 315 insertions(+), 54 deletions(-)
next reply other threads:[~2022-08-02 2:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-02 2:42 Micah Morton [this message]
2022-08-02 22:19 ` [GIT PULL] SafeSetID changes for v6.0 Linus Torvalds
2022-08-03 16:08 ` Micah Morton
2022-08-02 22:29 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJ-EccPH46FGKQj8gYEg5HGpmmRiqzrZouTZauwpvX-+2j4GNA@mail.gmail.com \
--to=mortonm@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).