LSM: SafeSetID: fix userns handling in securityfs - wireguard-linux

diff options

author	Jann Horn <jannh@google.com>	2019-04-10 09:55:58 -0700
committer	Micah Morton <mortonm@chromium.org>	2019-07-15 08:07:19 -0700
commit	71a98971b932174e121bc19056475c601598132f (patch)
tree	fb3a1ee4a8b7cdec81b2f0671524a25af4b5b016 /tools/perf/scripts/python/export-to-postgresql.py
parent	LSM: SafeSetID: refactor policy parsing (diff)
download	wireguard-linux-71a98971b932174e121bc19056475c601598132f.tar.xz wireguard-linux-71a98971b932174e121bc19056475c601598132f.zip

LSM: SafeSetID: fix userns handling in securityfs

Looking at current_cred() in write handlers is bad form, stop doing that. Also, let's just require that the write is coming from the initial user namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org>

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: