Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 5b589d44fad18228f18749360d008d5c8ff3aaf8
commit5b589d44fad18228f18749360d008d5c8ff3aaf8[log] [tgz]
authorPaul Moore <pmoore@redhat.com>Thu May 15 11:16:06 2014 -0400
committerSerge Hallyn <serge.hallyn@ubuntu.com>Tue Jun 03 14:21:48 2014 -0500
treecc90b51e698724cb18b113904a629625ba79185f
parentca7786a2f916540931d7114d441efa141c99c898 [diff]
selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES

We presently prevent processes from using setexecon() to set the
security label of exec()'d processes when NO_NEW_PRIVS is enabled by
returning an error; however, we silently ignore setexeccon() when
exec()'ing from a nosuid mounted filesystem.  This patch makes things
a bit more consistent by returning an error in the setexeccon()/nosuid
case.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
tree: cc90b51e698724cb18b113904a629625ba79185f
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS