[PATCH v4] LSM: generalize flag passing to security_capable
James Morris
jmorris at namei.org
Thu Jan 10 22:31:18 UTC 2019
On Mon, 7 Jan 2019, mortonm at chromium.org wrote:
> From: Micah Morton <mortonm at chromium.org>
>
> This patch provides a general mechanism for passing flags to the
> security_capable LSM hook. It replaces the specific 'audit' flag that is
> used to tell security_capable whether it should log an audit message for
> the given capability check. The reason for generalizing this flag
> passing is so we can add an additional flag that signifies whether
> security_capable is being called by a setid syscall (which is needed by
> the proposed SafeSetID LSM).
>
> Signed-off-by: Micah Morton <mortonm at chromium.org>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
and next-testing
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list