Kees Cook 0e1a6ef2de sysctl: require CAP_SYS_RAWIO to set mmap_min_addr ... Currently the mmap_min_addr value can only be bypassed during mmap when the task has CAP_SYS_RAWIO. However, the mmap_min_addr sysctl value itself can be adjusted to 0 if euid == 0, allowing a bypass without CAP_SYS_RAWIO. This patch adds a check for the capability before allowing mmap_min_addr to be changed. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>		2009-11-09 08:34:22 +11:00
..
integrity/ima	LSM: imbed ima calls in the security hooks	2009-10-25 12:22:48 +08:00
keys	KEYS: Have the garbage collector set its timer for live expired keys	2009-09-23 11:03:47 -07:00
selinux	SELinux: add .gitignore files for dynamic classes	2009-10-24 09:42:27 +08:00
smack	seq_file: constify seq_operations	2009-09-23 07:39:29 -07:00
tomoyo	tomoyo: improve hash bucket dispersion	2009-10-29 11:17:33 +11:00
capability.c	LSM: Add security_path_chroot().	2009-10-12 10:56:02 +11:00
commoncap.c	security: remove root_plug	2009-10-20 14:26:16 +09:00
device_cgroup.c	cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time	2009-09-24 07:20:58 -07:00
inode.c	securityfs: securityfs_remove should handle IS_ERR pointers	2009-05-12 11:06:11 +10:00
Kconfig	security: remove root_plug	2009-10-20 14:26:16 +09:00
lsm_audit.c	lsm: Use a compressed IPv6 string format in audit events	2009-09-24 03:50:26 -04:00
Makefile	security: remove root_plug	2009-10-20 14:26:16 +09:00
min_addr.c	sysctl: require CAP_SYS_RAWIO to set mmap_min_addr	2009-11-09 08:34:22 +11:00
security.c	LSM: imbed ima calls in the security hooks	2009-10-25 12:22:48 +08:00