<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-dev/security/safesetid/Kconfig, branch master</title>
<subtitle>Linux kernel development work - see feature branches</subtitle>
<id>https://git.zx2c4.com/linux-dev/atom/security/safesetid/Kconfig?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-dev/atom/security/safesetid/Kconfig?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/'/>
<updated>2019-05-21T08:50:46Z</updated>
<entry>
<title>treewide: Add SPDX license identifier - Makefile/Kconfig</title>
<updated>2019-05-21T08:50:46Z</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@linutronix.de</email>
</author>
<published>2019-05-19T12:07:45Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=ec8f24b7faaf3d4799a7c3f4c1b87f6b02778ad1'/>
<id>urn:sha1:ec8f24b7faaf3d4799a7c3f4c1b87f6b02778ad1</id>
<content type='text'>
Add SPDX license identifiers to all Make/Kconfig files which:

 - Have no license information of any form

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

  GPL-2.0-only

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>LSM: SafeSetID: 'depend' on CONFIG_SECURITY</title>
<updated>2019-01-29T19:50:48Z</updated>
<author>
<name>Micah Morton</name>
<email>mortonm@chromium.org</email>
</author>
<published>2019-01-29T18:54:24Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=2f87324be7736151bd1f9bf1d63b1eb0401011ba'/>
<id>urn:sha1:2f87324be7736151bd1f9bf1d63b1eb0401011ba</id>
<content type='text'>
This patch changes the Kconfig file for the SafeSetID LSM to depend on
CONFIG_SECURITY as well as select CONFIG_SECURITYFS, since the policies
for the LSM are configured through writing to securityfs.

Signed-off-by: Micah Morton &lt;mortonm@chromium.org&gt;
Signed-off-by: James Morris &lt;james.morris@microsoft.com&gt;
</content>
</entry>
<entry>
<title>LSM: add SafeSetID module that gates setid calls</title>
<updated>2019-01-25T19:22:45Z</updated>
<author>
<name>Micah Morton</name>
<email>mortonm@chromium.org</email>
</author>
<published>2019-01-16T15:46:06Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=aeca4e2ca65c1aeacfbe520684e6421719d99417'/>
<id>urn:sha1:aeca4e2ca65c1aeacfbe520684e6421719d99417</id>
<content type='text'>
SafeSetID gates the setid family of syscalls to restrict UID/GID
transitions from a given UID/GID to only those approved by a
system-wide whitelist. These restrictions also prohibit the given
UIDs/GIDs from obtaining auxiliary privileges associated with
CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID
mappings. For now, only gating the set*uid family of syscalls is
supported, with support for set*gid coming in a future patch set.

Signed-off-by: Micah Morton &lt;mortonm@chromium.org&gt;
Acked-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: James Morris &lt;james.morris@microsoft.com&gt;
</content>
</entry>
</feed>
