renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-09 22:24:04 +08:00
Code
03638e62f5
linux-next/tools/testing/selftests
History
Jann Horn 03638e62f5 LSM: SafeSetID: rewrite userspace API to atomic updates 
The current API of the SafeSetID LSM uses one write() per rule, and applies
each written rule instantly. This has several downsides:

 - While a policy is being loaded, once a single parent-child pair has been
   loaded, the parent is restricted to that specific child, even if
   subsequent rules would allow transitions to other child UIDs. This means
   that during policy loading, set*uid() can randomly fail.
 - To replace the policy without rebooting, it is necessary to first flush
   all old rules. This creates a time window in which no constraints are
   placed on the use of CAP_SETUID.
 - If we want to perform sanity checks on the final policy, this requires
   that the policy isn't constructed in a piecemeal fashion without telling
   the kernel when it's done.

Other kernel APIs - including things like the userns code and netfilter -
avoid this problem by performing updates atomically. Luckily, SafeSetID
hasn't landed in a stable (upstream) release yet, so maybe it's not too
late to completely change the API.

The new API for SafeSetID is: If you want to change the policy, open
"safesetid/whitelist_policy" and write the entire policy,
newline-delimited, in there.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
2019-07-15 08:07:29 -07:00
..
android treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
bpf Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
breakpoints treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
capabilities selftests: Add test plan API to kselftest.h and adjust callers 2019-04-25 13:15:46 -06:00
cgroup kselftests: cgroup: remove duplicated include from test_freezer.c 2019-07-02 13:29:43 -06:00
cpu-hotplug
cpufreq
drivers linux-kselftest-5.3-rc1 2019-07-12 16:08:21 -07:00
efivarfs treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
exec treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
filesystems
firmware selftests: firmware: Add compressed firmware tests 2019-06-18 09:11:22 +02:00
ftrace treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 472 2019-06-19 17:09:11 +02:00
futex treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
gpio treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ia64 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
intel_pstate
ipc selftests/ipc: Fix msgque compiler warnings 2019-04-19 17:18:00 -06:00
ir media updates for v5.1-rc1 2019-03-09 14:45:54 -08:00
kcmp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
kexec treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
kmod treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
kselftest selftests: Remove forced unbuffering for test running 2019-05-21 09:24:30 -06:00
kvm ARM: 2019-07-12 15:35:14 -07:00
lib treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
livepatch selftests/livepatch: Add functions.sh to TEST_PROGS_EXTENDED 2019-04-15 10:43:21 +02:00
locking
media_tests media: selftests: media_dev_allocator api test 2019-04-22 11:23:14 -04:00
membarrier treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
memfd selftests/memfd: add tests for F_SEAL_FUTURE_WRITE seal 2019-03-05 21:07:19 -08:00
memory-hotplug
mount
mqueue
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-23 14:45:36 -07:00
networking/timestamping selftests: timestamping: Fix SIOCGSTAMP undeclared build failure 2019-06-28 14:31:12 -06:00
nsfs treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ntb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25 2019-05-21 11:52:39 +02:00
pidfd tests: add pidfd_open() tests 2019-06-28 12:17:55 +02:00
powerpc powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
prctl
proc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
pstore treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 472 2019-06-19 17:09:11 +02:00
ptp selftests: ptp: Add Physical Hardware Clock test 2019-06-13 22:34:55 -07:00
ptrace treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
rcutorture torture: Suppress propagating trace_printk() warning 2019-05-28 09:06:09 -07:00
rseq rseq/selftests: Fix Thumb mode build failure on arm32 2019-07-08 13:00:41 -06:00
rtc SPDX update for 5.2-rc3, round 1 2019-05-31 08:34:32 -07:00
safesetid LSM: SafeSetID: rewrite userspace API to atomic updates 2019-07-15 08:07:29 -07:00
seccomp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 481 2019-06-19 17:09:51 +02:00
sigaltstack treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
size treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
sparc64
splice
static_keys treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
sync selftests: Add test plan API to kselftest.h and adjust callers 2019-04-25 13:15:46 -06:00
sysctl treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tc-testing tc-tests: updated skbedit tests 2019-07-12 15:33:14 -07:00
timers kselftests: timers: freq-step: Update maximum acceptable precision and errors 2019-06-22 11:28:53 +02:00
tmpfs treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tpm2 selftests/tpm2: Open tpm dev in unbuffered mode 2019-04-08 15:58:55 -07:00
uevent
user treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
vDSO treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 180 2019-05-30 11:29:20 -07:00
vm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
watchdog
x86 It's been a relatively busy cycle for docs: 2019-07-09 12:34:26 -07:00
zram treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25 2019-05-21 11:52:39 +02:00
.gitignore selftests: Extract single-test shell logic from lib.mk 2019-04-25 13:14:13 -06:00
gen_kselftest_tar.sh
kselftest_harness.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 481 2019-06-19 17:09:51 +02:00
kselftest_install.sh
kselftest_module.h kselftest: Add test module framework header 2019-04-08 16:44:20 -06:00
kselftest_module.sh kselftest: Add test runner creation script 2019-04-08 16:44:11 -06:00
kselftest.h selftests: Add test plan API to kselftest.h and adjust callers 2019-04-25 13:15:46 -06:00
lib.mk kbuild: replace KBUILD_SRCTREE with boolean building_out_of_srctree 2019-07-11 00:05:09 +09:00
Makefile kbuild: replace KBUILD_SRCTREE with boolean building_out_of_srctree 2019-07-11 00:05:09 +09:00