diff options
| author | Micah Morton <mortonm@chromium.org> | 2019-01-07 19:10:53 -0500 |
|---|---|---|
| committer | James Morris <james.morris@microsoft.com> | 2019-01-10 17:16:06 -0500 |
| commit | c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f (patch) | |
| tree | 310c082e0b41d2d3ff8b619553ed5e45ad244862 /kernel/seccomp.c | |
| parent | 2233975cd7927672525361c4c6eebc0b8d018a74 (diff) | |
LSM: generalize flag passing to security_capable
This patch provides a general mechanism for passing flags to the
security_capable LSM hook. It replaces the specific 'audit' flag that is
used to tell security_capable whether it should log an audit message for
the given capability check. The reason for generalizing this flag
passing is so we can add an additional flag that signifies whether
security_capable is being called by a setid syscall (which is needed by
the proposed SafeSetID LSM).
Signed-off-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'kernel/seccomp.c')
| -rw-r--r-- | kernel/seccomp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index d7f538847b84..38a77800def6 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c | |||
| @@ -443,8 +443,8 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) | |||
| 443 | * behavior of privileged children. | 443 | * behavior of privileged children. |
| 444 | */ | 444 | */ |
| 445 | if (!task_no_new_privs(current) && | 445 | if (!task_no_new_privs(current) && |
| 446 | security_capable_noaudit(current_cred(), current_user_ns(), | 446 | security_capable(current_cred(), current_user_ns(), |
| 447 | CAP_SYS_ADMIN) != 0) | 447 | CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0) |
| 448 | return ERR_PTR(-EACCES); | 448 | return ERR_PTR(-EACCES); |
| 449 | 449 | ||
| 450 | /* Allocate a new seccomp_filter */ | 450 | /* Allocate a new seccomp_filter */ |