linux/security
Stephen Smalley b21507e272 proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via
/proc/pid/attr nodes.  This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-01-09 10:07:31 -05:00
..
apparmor proc,security: move restriction on writing /proc/pid/attr nodes to proc 2017-01-09 10:07:31 -05:00
integrity ima: platform-independent hash value 2016-12-20 09:48:46 -08:00
keys Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
loadpin LSM: LoadPin: provide enablement CONFIG 2016-05-17 20:10:30 +10:00
selinux proc,security: move restriction on writing /proc/pid/attr nodes to proc 2017-01-09 10:07:31 -05:00
smack proc,security: move restriction on writing /proc/pid/attr nodes to proc 2017-01-09 10:07:31 -05:00
tomoyo mm: add locked parameter to get_user_pages_remote() 2016-12-14 16:04:08 -08:00
yama Yama: allow access for the current ptrace parent 2016-12-05 11:48:01 +11:00
commoncap.c xattr: Add __vfs_{get,set,remove}xattr helpers 2016-10-07 20:10:44 -04:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 20:16:43 -07:00
Kconfig - force check_object_size() to be inline too 2016-09-07 14:03:49 -07:00
lsm_audit.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-10-04 14:48:27 -07:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c proc,security: move restriction on writing /proc/pid/attr nodes to proc 2017-01-09 10:07:31 -05:00