korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-18 00:24:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
01aa7b7a3d
linux/security/landlock
History
Mickaël Salaün cc30d05b34 landlock: Fix d_parent walk 
commit 88da52ccd6 upstream.

The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when
trying to link a root mount point.  This cannot work in practice because
this directory is mounted, but the VFS check is done after the call to
security_path_link().

Do not use source directory's d_parent when the source directory is the
mount point.

Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: stable@vger.kernel.org
Reported-by: syzbot+bf4903dc7e12b18ebc87@syzkaller.appspotmail.com
Fixes: b91c3e4ea7 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER")
Closes: https://lore.kernel.org/r/000000000000553d3f0618198200@google.com
Link: https://lore.kernel.org/r/20240516181935.1645983-2-mic@digikod.net
[mic: Fix commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-21 14:38:24 +02:00
..
common.h landlock: Set up the security framework and manage credentials 2021-04-22 12:22:10 -07:00
cred.c selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
cred.h landlock: Format with clang-format 2022-05-09 12:31:10 +02:00
fs.c landlock: Fix d_parent walk 2024-06-21 14:38:24 +02:00
fs.h landlock: Support file truncation 2022-10-19 09:01:44 +02:00
Kconfig hostfs: Fix ephemeral inodes 2023-06-12 21:26:19 +02:00
limits.h landlock: Support file truncation 2022-10-19 09:01:44 +02:00
Makefile landlock: Add syscall implementations 2021-04-22 12:22:11 -07:00
object.c landlock: Format with clang-format 2022-05-09 12:31:10 +02:00
object.h landlock: Format with clang-format 2022-05-09 12:31:10 +02:00
ptrace.c selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
ptrace.h landlock: Add ptrace restrictions 2021-04-22 12:22:10 -07:00
ruleset.c landlock: Define access_mask_t to enforce a consistent access mask size 2022-05-23 13:27:55 +02:00
ruleset.h landlock: Annotate struct landlock_rule with __counted_by 2023-08-18 11:44:42 +02:00
setup.c selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
setup.h landlock: Support filesystem access-control 2021-04-22 12:22:11 -07:00
syscalls.c landlock: Warn once if a Landlock action is requested while disabled 2024-04-03 15:28:27 +02:00