Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Apart from reordering the SELinux mmap code to ensure DAC is called before MAC, these are minor maintenance updates" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits) selinux: correctly label /proc inodes in use before the policy is loaded selinux: put the mmap() DAC controls before the MAC controls selinux: fix the output of ./scripts/get_maintainer.pl for SELinux evm: enable key retention service automatically ima: skip memory allocation for empty files evm: EVM does not use MD5 ima: return d_name.name if d_path fails integrity: fix checkpatch errors ima: fix erroneous removal of security.ima xattr security: integrity: Use a more current logging style MAINTAINERS: email updates and other misc. changes ima: reduce memory usage when a template containing the n field is used ima: restore the original behavior for sending data with ima template Integrity: Pass commname via get_task_comm() fs: move i_readcount ima: use static const char array definitions security: have cap_dentry_init_security return error ima: new helper: file_inode(file) kernel: Mark function as static in kernel/seccomp.c capability: Use current logging styles ...
This commit is contained in:
Linus Torvalds
@@ -7,6 +7,8 @@
|
||||
* 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
|
||||
*/
|
||||
|
||||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
||||
|
||||
#include <linux/audit.h>
|
||||
#include <linux/capability.h>
|
||||
#include <linux/mm.h>
|
||||
@@ -42,15 +44,10 @@ __setup("no_file_caps", file_caps_disable);
|
||||
|
||||
static void warn_legacy_capability_use(void)
|
||||
{
|
||||
static int warned;
|
||||
if (!warned) {
|
||||
char name[sizeof(current->comm)];
|
||||
char name[sizeof(current->comm)];
|
||||
|
||||
printk(KERN_INFO "warning: `%s' uses 32-bit capabilities"
|
||||
" (legacy support in use)\n",
|
||||
get_task_comm(name, current));
|
||||
warned = 1;
|
||||
}
|
||||
pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
|
||||
get_task_comm(name, current));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -71,16 +68,10 @@ static void warn_legacy_capability_use(void)
|
||||
|
||||
static void warn_deprecated_v2(void)
|
||||
{
|
||||
static int warned;
|
||||
char name[sizeof(current->comm)];
|
||||
|
||||
if (!warned) {
|
||||
char name[sizeof(current->comm)];
|
||||
|
||||
printk(KERN_INFO "warning: `%s' uses deprecated v2"
|
||||
" capabilities in a way that may be insecure.\n",
|
||||
get_task_comm(name, current));
|
||||
warned = 1;
|
||||
}
|
||||
pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n",
|
||||
get_task_comm(name, current));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -380,7 +371,7 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
|
||||
bool ns_capable(struct user_namespace *ns, int cap)
|
||||
{
|
||||
if (unlikely(!cap_valid(cap))) {
|
||||
printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
|
||||
pr_crit("capable() called with invalid cap=%u\n", cap);
|
||||
BUG();
|
||||
}
|
||||
|
||||
|
||||
@@ -290,7 +290,7 @@ free_prog:
|
||||
*
|
||||
* Returns 0 on success and non-zero otherwise.
|
||||
*/
|
||||
long seccomp_attach_user_filter(char __user *user_filter)
|
||||
static long seccomp_attach_user_filter(char __user *user_filter)
|
||||
{
|
||||
struct sock_fprog fprog;
|
||||
long ret = -EFAULT;
|
||||
|
||||
Reference in New Issue
Block a user