Stephen Smalley b21507e272 proc,security: move restriction on writing /proc/pid/attr nodes to proc ...

Processes can only alter their own security attributes via
/proc/pid/attr nodes.  This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

2017-01-09 10:07:31 -05:00

..

9p

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

adfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

affs

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

afs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

autofs4

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

befs

befs: add NFS export support

2016-12-22 11:25:24 +00:00

bfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

btrfs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

cachefiles

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

ceph

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

cifs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

coda

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

configfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

cramfs

…

crypto

fscrypt: fix renaming and linking special files

2016-12-31 00:47:05 -05:00

debugfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

devpts

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

dlm

ktime: Get rid of ktime_equal()

2016-12-25 17:21:23 +01:00

ecryptfs

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

efivarfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

efs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

exofs

exofs: don't mess with simple_write_{begin,end}

2016-12-10 14:25:19 -05:00

exportfs

exportfs: be careful to only return expected errors.

2016-10-06 09:07:44 -04:00

ext2

ext2: Return BH_New buffers for zeroed blocks

2016-12-26 20:29:24 -08:00

ext4

ext4: Simplify DAX fault path

2016-12-26 20:29:25 -08:00

f2fs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

fat

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

freevxfs

…

fscache

…

fuse

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

gfs2

ktime: Cleanup ktime_set() usage

2016-12-25 17:21:22 +01:00

hfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

hfsplus

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

hostfs

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

hpfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

hugetlbfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

isofs

Merge branch 'for-4.10/block' of git://git.kernel.dk/linux-block

2016-12-13 10:19:16 -08:00

jbd2

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

jffs2

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

jfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

kernfs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

lockd

netns: make struct pernet_operations::id unsigned int

2016-11-18 10:59:15 -05:00

minix

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

ncpfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

nfs

ktime: Get rid of ktime_equal()

2016-12-25 17:21:23 +01:00

nfs_common

netns: make struct pernet_operations::id unsigned int

2016-11-18 10:59:15 -05:00

nfsd

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

nilfs2

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

nls

…

notify

Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit

2017-01-05 23:06:06 -08:00

ntfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

ocfs2

ktime: Get rid of the union

2016-12-25 17:21:22 +01:00

omfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

openpromfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

orangefs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

overlayfs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

proc

proc,security: move restriction on writing /proc/pid/attr nodes to proc

2017-01-09 10:07:31 -05:00

pstore

Merge tag 'pstore-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2016-12-13 09:16:11 -08:00

qnx4

…

qnx6

…

quota

Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

2016-12-19 08:23:53 -08:00

ramfs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

reiserfs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

romfs

…

squashfs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

sysfs

Merge branch 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

2016-10-14 12:18:50 -07:00

sysv

vfs: remove ".readlink = generic_readlink" assignments

2016-12-09 16:45:04 +01:00

tracefs

fs: Replace CURRENT_TIME with current_time() for inode timestamps

2016-09-27 21:06:21 -04:00

ubifs

Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2016-12-17 19:16:12 -08:00

udf

block,fs: untangle fs.h and blk_types.h

2016-11-01 09:43:26 -06:00

ufs

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

xfs

xfs: fix max_retries _show and _store functions

2017-01-03 20:34:17 -08:00

aio.c

ktime: Get rid of the union

2016-12-25 17:21:22 +01:00

anon_inodes.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

attr.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

bad_inode.c

bad_inode: add missing i_op initializers

2016-12-09 11:57:43 +01:00

binfmt_aout.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

binfmt_elf_fdpic.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

binfmt_elf.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

binfmt_em86.c

…

binfmt_flat.c

…

binfmt_misc.c

fs: Replace current_fs_time() with current_time()

2016-09-27 21:06:22 -04:00

binfmt_script.c

…

block_dev.c

Merge branch 'for-linus' of git://git.kernel.dk/linux-block

2017-01-04 09:03:37 -08:00

buffer.c

clean_bdev_aliases: Prevent cleaning blocks that are not in block range

2017-01-02 09:35:14 -07:00

char_dev.c

dax: define a unified inode/address_space for device-dax mappings

2016-08-23 22:58:51 -07:00

compat_binfmt_elf.c

…

compat_ioctl.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

compat.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

coredump.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

dax.c

dax: Call ->iomap_begin without entry lock during dax fault

2016-12-26 20:29:25 -08:00

dcache.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

dcookies.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

direct-io.c

Merge tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs

2016-12-14 21:35:31 -08:00

drop_caches.c

…

eventfd.c

…

eventpoll.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

exec.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

fcntl.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

fhandle.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

file_table.c

constify alloc_file()

2016-12-05 19:01:16 -05:00

file.c

fs/file: more unsigned file descriptors

2016-09-27 18:47:38 -04:00

filesystems.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

fs_pin.c

…

fs_struct.c

…

fs-writeback.c

fs/fs-writeback.c: remove redundant if check

2016-12-12 18:55:08 -08:00

inode.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

internal.h

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-12-17 18:44:00 -08:00

ioctl.c

vfs: call vfs_clone_file_range() under freeze protection

2016-12-16 11:02:54 +01:00

iomap.c

Merge tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs

2016-12-14 21:35:31 -08:00

Kconfig

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-12-16 10:24:44 -08:00

Kconfig.binfmt

docs: fix locations of several documents that got moved

2016-10-24 08:12:35 -02:00

libfs.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

locks.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

Makefile

logfs: remove from tree

2016-12-14 23:48:11 -05:00

mbcache.c

mbcache: document that "find" functions only return reusable entries

2016-12-03 15:55:01 -05:00

mount.h

vfs: add path_is_mountpoint() helper

2016-12-03 20:51:35 -05:00

mpage.c

fs: Add helper to clean bdev aliases under a bh and use it

2016-11-04 14:34:47 -06:00

namei.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

namespace.c

Merge branch 'work.namespace' into for-linus

2016-12-22 23:04:31 -05:00

no-block.c

…

nsfs.c

net: add an ioctl to get a socket network namespace

2016-10-31 10:56:36 -04:00

open.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

pipe.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

pnode.c

reorganize do_make_slave()

2016-12-16 16:30:49 -05:00

pnode.h

mnt: Add a per mount namespace limit on the number of mounts

2016-09-30 12:46:48 -05:00

posix_acl.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

proc_namespace.c

…

read_write.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

readdir.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

select.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

seq_file.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

signalfd.c

…

splice.c

splice: reinstate SIGPIPE/EPIPE handling

2016-12-21 10:59:34 -08:00

stack.c

…

stat.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

statfs.c

vfs: misc struct path constification

2016-12-05 19:03:49 -05:00

super.c

quota: Remove dqonoff_mutex

2016-11-30 08:38:07 +01:00

sync.c

…

timerfd.c

ktime: Cleanup ktime_set() usage

2016-12-25 17:21:22 +01:00

userfaultfd.c

mm: join struct fault_env and vm_fault

2016-12-14 16:04:09 -08:00

utimes.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00

xattr.c

Replace <asm/uaccess.h> with <linux/uaccess.h> globally

2016-12-24 11:46:01 -08:00