linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 12:57:53 +00:00

No description

Find a file

Ondrej Mosnacek 8511186f10 fs: don't audit the capability check in simple_xattr_list() [ Upstream commit `e7eda157c4` ] The check being unconditional may lead to unwanted denials reported by LSMs when a process has the capability granted by DAC, but denied by an LSM. In the case of SELinux such denials are a problem, since they can't be effectively filtered out via the policy and when not silenced, they produce noise that may hide a true problem or an attack. Checking for the capability only if any trusted xattr is actually present wouldn't really address the issue, since calling listxattr(2) on such node on its own doesn't indicate an explicit attempt to see the trusted xattrs. Additionally, it could potentially leak the presence of trusted xattrs to an unprivileged user if they can check for the denials (e.g. through dmesg). Therefore, it's best (and simplest) to keep the check unconditional and instead use ns_capable_noaudit() that will silence any associated LSM denials. Fixes: `38f3865744` ("xattr: extract simple_xattr code from tmpfs") Reported-by: Martin Pitt <mpitt@redhat.com> Suggested-by: Christian Brauner (Microsoft) <brauner@kernel.org> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org> Reviewed-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-01-18 11:40:53 +01:00
arch	alpha: fix syscall entry in !AUDUT_SYSCALL case	2023-01-18 11:40:53 +01:00
block	block: unhash blkdev part inode when the part is deleted	2022-12-19 12:24:16 +01:00
certs	certs/blacklist_hashes.c: fix const confusion in certs blacklist	2022-06-22 14:11:22 +02:00
crypto	crypto: akcipher - default implementation for setting a private key	2022-10-26 13:22:45 +02:00
Documentation	docs: update mediator contact information in CoC doc	2022-11-25 17:42:20 +01:00
drivers	cpuidle: dt: Return the correct numbers of parsed idle states	2023-01-18 11:40:53 +01:00
fs	fs: don't audit the capability check in simple_xattr_list()	2023-01-18 11:40:53 +01:00
include	can: sja1000: fix size of OCR_MODE_MASK define	2022-12-19 12:24:16 +01:00
init	init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash	2022-12-08 11:22:59 +01:00
ipc	ipc/sem: Fix dangling sem_array access in semtimedop race	2022-12-08 11:23:06 +01:00
kernel	PM: hibernate: Fix mistake in kerneldoc comment	2023-01-18 11:40:53 +01:00
lib	Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled	2022-12-08 11:23:05 +01:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
mm	mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page	2022-12-19 12:24:15 +01:00
net	Bluetooth: L2CAP: Fix u8 overflow	2023-01-18 11:40:49 +01:00
samples	samples/kretprobes: Fix return value if register_kretprobe() failed	2021-11-17 09:48:39 +01:00
scripts	scripts/faddr2line: Fix regression in name resolution on ppc64le	2022-12-08 11:23:02 +01:00
security	capabilities: fix potential memleak on error path from vfs_getxattr_alloc()	2022-11-10 17:57:55 +01:00
sound	ASoC: ops: Correct bounds check for second channel on SX controls	2022-12-19 12:24:16 +01:00
tools	ipv4: Fix incorrect route flushing when source address is deleted	2022-12-14 11:30:47 +01:00
usr	initramfs: restore default compression behavior	2020-04-08 09:08:38 +02:00
virt	KVM: arm64: vgic: Fix exit condition in scan_its_table()	2022-10-29 10:20:35 +02:00
.clang-format	clang-format: Update with the latest for_each macro list	2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes
.gitignore	Modules updates for v5.4	2019-09-22 10:34:46 -07:00
.mailmap	ARM: SoC fixes	2019-11-10 13:41:59 -08:00
COPYING	COPYING: use the new text with points to the license files	2018-03-23 12:41:45 -06:00
CREDITS	MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer	2019-10-10 08:12:51 -07:00
Kbuild	kbuild: do not descend to ./Kbuild when cleaning	2019-08-21 21:03:58 +09:00
Kconfig	docs: kbuild: convert docs to ReST and rename to *.rst	2019-06-14 14:21:21 -06:00
MAINTAINERS	MAINTAINERS: add Chandan as xfs maintainer for 5.4.y	2022-09-28 11:03:58 +02:00
Makefile	Linux 5.4.228	2022-12-19 12:24:17 +01:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.