diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-05-21 23:27:36 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-05-21 23:27:36 -0400 |
| commit | cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b (patch) | |
| tree | 4322be35db678f6299348a76ad60a2023954af7d /include/linux/prctl.h | |
| parent | 99262a3dafa3290866512ddfb32609198f8973e9 (diff) | |
| parent | ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"New notable features:
- The seccomp work from Will Drewry
- PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski
- Longer security labels for Smack from Casey Schaufler
- Additional ptrace restriction modes for Yama by Kees Cook"
Fix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)
apparmor: fix long path failure due to disconnected path
apparmor: fix profile lookup for unconfined
ima: fix filename hint to reflect script interpreter name
KEYS: Don't check for NULL key pointer in key_validate()
Smack: allow for significantly longer Smack labels v4
gfp flags for security_inode_alloc()?
Smack: recursive tramsmute
Yama: replace capable() with ns_capable()
TOMOYO: Accept manager programs which do not start with / .
KEYS: Add invalidation support
KEYS: Do LRU discard in full keyrings
KEYS: Permit in-place link replacement in keyring list
KEYS: Perform RCU synchronisation on keys prior to key destruction
KEYS: Announce key type (un)registration
KEYS: Reorganise keys Makefile
KEYS: Move the key config into security/keys/Kconfig
KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat
Yama: remove an unused variable
samples/seccomp: fix dependencies on arch macros
Yama: add additional ptrace scopes
...
Diffstat (limited to 'include/linux/prctl.h')
| -rw-r--r-- | include/linux/prctl.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/prctl.h b/include/linux/prctl.h index e0cfec2490aa..78b76e24cc7e 100644 --- a/include/linux/prctl.h +++ b/include/linux/prctl.h | |||
| @@ -124,4 +124,19 @@ | |||
| 124 | #define PR_SET_CHILD_SUBREAPER 36 | 124 | #define PR_SET_CHILD_SUBREAPER 36 |
| 125 | #define PR_GET_CHILD_SUBREAPER 37 | 125 | #define PR_GET_CHILD_SUBREAPER 37 |
| 126 | 126 | ||
| 127 | /* | ||
| 128 | * If no_new_privs is set, then operations that grant new privileges (i.e. | ||
| 129 | * execve) will either fail or not grant them. This affects suid/sgid, | ||
| 130 | * file capabilities, and LSMs. | ||
| 131 | * | ||
| 132 | * Operations that merely manipulate or drop existing privileges (setresuid, | ||
| 133 | * capset, etc.) will still work. Drop those privileges if you want them gone. | ||
| 134 | * | ||
| 135 | * Changing LSM security domain is considered a new privilege. So, for example, | ||
| 136 | * asking selinux for a specific new context (e.g. with runcon) will result | ||
| 137 | * in execve returning -EPERM. | ||
| 138 | */ | ||
| 139 | #define PR_SET_NO_NEW_PRIVS 38 | ||
| 140 | #define PR_GET_NO_NEW_PRIVS 39 | ||
| 141 | |||
| 127 | #endif /* _LINUX_PRCTL_H */ | 142 | #endif /* _LINUX_PRCTL_H */ |