Ything-RepoMirrors/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-01-25 07:47:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b9cb7e59ac4ae68940347ebfc41e0436d32d3c6e
linux/kernel
History
Christian Göttsche b9cb7e59ac pid: use ns_capable_noaudit() when determining net sysctl permissions 
The capability check should not be audited since it is only being used
to determine the inode permissions. A failed check does not indicate a
violation of security policy but, when an LSM is enabled, a denial audit
message was being generated.

The denial audit message can either lead to the capability being
unnecessarily allowed in a security policy, or being silenced potentially
masking a legitimate capability check at a later point in time.

Similar to commit d6169b0206 ("net: Use ns_capable_noaudit() when
determining net sysctl permissions")

Fixes: 7863dcc72d ("pid: allow pid_max to be set per pid namespace")
CC: Christian Brauner <brauner@kernel.org>
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
2025-09-19 13:08:31 +02:00
..
bpf
fs: rename generic_delete_inode() and generic_drop_inode()
2025-09-15 16:09:42 +02:00
cgroup
Merge tag 'cgroup-for-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2025-07-31 16:04:19 -07:00
configs
configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON
2025-07-21 21:41:57 -07:00
debug
Merge tag 'tty-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
2025-04-02 18:17:33 -07:00
dma
dma-contiguous: hornor the cma address limit setup by user
2025-06-12 08:38:40 +02:00
entry
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2025-07-30 17:14:01 -07:00
events
perf/core: Prevent VMA split of buffer mappings
2025-08-05 21:55:29 +02:00
futex
futex: Remove support for IMMUTABLE
2025-07-11 16:02:01 +02:00
gcov
kbuild: require gcc-8 and binutils-2.30
2025-04-30 21:53:35 +02:00
irq
genirq/test: Resolve irq lock inversion warnings
2025-08-06 10:29:48 +02:00
kcsan
kcsan: test: Initialize dummy variable
2025-07-23 08:51:32 +02:00
livepatch
sched,livepatch: Untangle cond_resched() and live-patching
2025-05-14 13:16:24 +02:00
locking
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
module
Merge tag 'mm-stable-2025-08-03-12-35' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-05 16:02:07 +03:00
power
Merge tag 'drm-next-2025-07-30' of https://gitlab.freedesktop.org/drm/kernel
2025-07-30 19:26:49 -07:00
printk
Merge tag 'printk-for-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
2025-08-04 10:54:36 -07:00
rcu
Merge tag 'sched_ext-for-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext
2025-07-31 16:29:46 -07:00
sched
sched/psi: Fix psi_seq initialization
2025-08-04 10:51:22 -07:00
time
Merge tag 'bitmap-for-6.17' of https://github.com/norov/linux
2025-07-31 16:52:32 -07:00
trace
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
unwind
unwind: Finish up unwind when a task exits
2025-07-31 10:20:11 -04:00
.gitignore
kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute
2025-06-24 20:30:37 +09:00
acct.c
acct: block access to kernel internal filesystems
2025-02-12 12:24:16 +01:00
async.c
audit_fsnotify.c
audit_tree.c
replace collect_mounts()/drop_collected_mounts() with a safer variant
2025-06-23 14:01:49 -04:00
audit_watch.c
fs: add kern_path_locked_negative()
2025-04-15 11:32:34 +02:00
audit.c
audit: record AUDIT_ANOM_* events regardless of presence of rules
2025-04-11 14:14:41 -04:00
audit.h
audit,module: restore audit logging in load failure case
2025-06-16 17:00:06 -04:00
auditfilter.c
audit: fix suffixed '/' filename matching
2024-12-05 19:22:38 -05:00
auditsc.c
audit,module: restore audit logging in load failure case
2025-06-16 17:00:06 -04:00
backtracetest.c
bounds.c
capability.c
capability: Remove unused has_capability
2025-03-07 22:03:09 -06:00
cfi.c
cfi: Move BPF CFI types and helpers to generic code
2025-07-31 18:23:53 -07:00
compat.c
configs.c
context_tracking.c
context_tracking: Make RCU watch ct_kernel_exit_state() warning
2025-03-04 18:44:29 -08:00
cpu_pm.c
cpu.c
cpu: Remove obsolete comment from takedown_cpu()
2025-08-06 22:48:12 +02:00
crash_core.c
kdump: wait for DMA to finish when using CMA
2025-07-19 19:08:23 -07:00
crash_dump_dm_crypt.c
crash_dump: retrieve dm crypt keys in kdump kernel
2025-05-21 10:48:21 -07:00
crash_reserve.c
kdump: implement reserve_crashkernel_cma
2025-07-19 19:08:23 -07:00
cred.c
cred: remove old {override,revert}_creds() helpers
2024-12-02 11:25:09 +01:00
delayacct.c
delayacct: remove redundant code and adjust indentation
2025-05-27 19:40:33 -07:00
dma.c
elfcorehdr.c
exec_domain.c
exit.c
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
exit.h
extable.c
fail_function.c
fork.c
Merge tag 'locking_urgent_for_v6.17_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2025-08-10 08:11:39 +03:00
freezer.c
sched,freezer: Remove unnecessary warning in __thaw_task
2025-07-17 07:56:50 -10:00
gen_kheaders.sh
kheaders: make it possible to override TAR
2025-08-06 10:23:36 +09:00
groups.c
hung_task.c
hung_task: extend hung task blocker tracking to rwsems
2025-07-19 19:08:26 -07:00
iomem.c
mm/memremap: Pass down MEMREMAP_* flags to arch_memremap_wb()
2025-02-21 15:05:38 +01:00
irq_work.c
kasan: make kasan_record_aux_stack_noalloc() the default behaviour
2025-01-13 22:40:36 -08:00
jump_label.c
jump_label: Use RCU in all users of __module_text_address().
2025-03-10 11:54:46 +01:00
kallsyms_internal.h
kallsyms_selftest.c
kallsyms: Use kthread_run_on_cpu()
2025-01-02 22:12:12 +01:00
kallsyms_selftest.h
kallsyms.c
bpf: Clean up individual BTF_ID code
2025-07-16 18:34:42 -07:00
kcmp.c
kcmp: improve performance adding an unlikely hint to task comparisons
2025-02-21 10:25:33 +01:00
Kconfig.freezer
Kconfig.hz
kernel: Fix "select" wording on HZ_250 description
2025-02-21 09:20:30 +01:00
Kconfig.kexec
crashdump: add CONFIG_KEYS dependency
2025-06-25 15:55:04 -07:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: fix typo in comment of kcov_fault_in_area
2025-07-09 22:57:52 -07:00
kexec_core.c
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
kexec_elf.c
kexec: initialize ELF lowest address to ULONG_MAX
2025-03-16 22:30:47 -07:00
kexec_file.c
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
kexec_handover.c
Merge tag 'mm-stable-2025-07-30-15-25' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-07-31 14:57:54 -07:00
kexec_internal.h
kexec: enable CMA based contiguous allocation
2025-08-02 12:01:38 -07:00
kexec.c
kexec: enable CMA based contiguous allocation
2025-08-02 12:01:38 -07:00
kheaders.c
kheaders: Simplify attribute through __BIN_ATTR_SIMPLE_RO()
2024-12-24 09:46:49 +01:00
kprobes.c
kprobes: Add missing kerneldoc for __get_insn_slot
2025-07-15 18:45:34 +09:00
kstack_erase.c
stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depth
2025-07-21 21:40:39 -07:00
ksyms_common.c
ksysfs.c
kernel/ksysfs.c: simplify bin_attribute definition
2025-01-07 16:59:15 +01:00
kthread.c
kthread: update comment for __to_kthread
2025-07-09 22:57:55 -07:00
latencytop.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
Makefile
Merge tag 'kbuild-v6.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2025-08-06 07:32:52 +03:00
module_signature.c
notifier.c
nsproxy.c
kernel/nsproxy: remove unnecessary guards
2025-05-09 13:13:54 +02:00
padata.c
padata: use cpumask_nth()
2025-06-13 17:26:17 +08:00
panic.c
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-08-03 16:23:09 -07:00
params.c
module: ensure that kobject_put() is safe for module type kobjects
2025-05-07 20:24:59 +02:00
pid_namespace.c
pidns: move is-ancestor logic to helper
2025-09-02 11:37:24 +02:00
pid_sysctl.h
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
pid.c
pid: use ns_capable_noaudit() when determining net sysctl permissions
2025-09-19 13:08:31 +02:00
profile.c
ptrace.c
ptrace: introduce PTRACE_SET_SYSCALL_INFO request
2025-05-11 17:48:15 -07:00
range.c
reboot.c
Merge tag 'mm-nonmm-stable-2025-03-30-18-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 10:06:52 -07:00
regset.c
relay.c
relayfs: support a counter tracking if data is too big to write
2025-07-09 22:57:52 -07:00
resource_kunit.c
resource.c
resource: fix false warning in __request_region()
2025-07-24 17:57:59 -07:00
rseq.c
rseq: Fix segfault on registration when rseq_cs is non-zero
2025-03-06 22:26:49 +01:00
scftorture.c
scftorture: Handle NULL argument passed to scf_add_to_free_list().
2024-11-14 16:09:51 -08:00
scs.c
seccomp.c
seccomp: avoid the lock trip seccomp_filter_release in common case
2025-02-24 11:17:10 -08:00
signal.c
coredump: rename do_coredump() to vfs_coredump()
2025-06-16 17:01:22 +02:00
smp.c
smp: Fix spelling in on_each_cpu_cond_mask()'s doc-comment
2025-08-02 14:24:50 +02:00
smpboot.c
sched/smp: Use the SMP version of idle_thread_set_boot_cpu()
2025-06-13 08:47:20 +02:00
smpboot.h
softirq.c
lockdep: Fix wait context check on softirq for PREEMPT_RT
2025-03-25 10:46:44 +01:00
stacktrace.c
static_call_inline.c
Merge tag 'modules-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux
2025-03-30 15:44:36 -07:00
static_call.c
stop_machine.c
sched/core: Fix migrate_swap() vs. hotplug
2025-07-01 15:02:03 +02:00
sys_ni.c
sys.c
Merge tag 'mm-stable-2025-07-30-15-25' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-07-31 14:57:54 -07:00
sysctl-test.c
sysctl: move u8 register test to lib/test_sysctl.c
2025-04-14 14:13:41 +02:00
sysctl.c
sysctl: rename kern_table -> sysctl_subsys_table
2025-07-23 11:56:02 +02:00
task_work.c
kasan: make kasan_record_aux_stack_noalloc() the default behaviour
2025-01-13 22:40:36 -08:00
taskstats.c
torture.c
torture: Add get_torture_init_jiffies() for test-start time
2025-02-05 07:14:24 -08:00
tracepoint.c
tracepoint: Print the function symbol when tracepoint_debug is set
2025-03-21 15:30:10 -04:00
tsacct.c
ucount.c
ucount: use atomic_long_try_cmpxchg() in atomic_long_inc_below()
2025-08-02 12:01:38 -07:00
uid16.c
uid16.h
umh.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
up.c
user_namespace.c
uidgid: add map_id_range_up()
2025-02-12 12:12:27 +01:00
user-return-notifier.c
user.c
utsname_sysctl.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
utsname.c
vhost_task.c
vhost: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...))
2025-08-01 09:11:08 -04:00
vmcore_info.c
crash: export PAGE_UNACCEPTED_MAPCOUNT_VALUE to vmcoreinfo
2025-05-11 17:54:04 -07:00
watch_queue.c
Merge tag 'vfs-6.15-rc1.pipe' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 09:52:37 -07:00
watchdog_buddy.c
watchdog: fix opencoded cpumask_next_wrap() in watchdog_next_cpu()
2025-07-31 11:28:03 -04:00
watchdog_perf.c
watchdog/perf: Provide function for adjusting the event period
2025-07-04 13:17:30 +01:00
watchdog.c
kernel/watchdog: add /sys/kernel/{hard,soft}lockup_count
2025-05-21 10:48:22 -07:00
workqueue_internal.h
workqueue.c
Merge tag 'wq-for-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
2025-07-31 15:40:22 -07:00