[PULL] seccomp update (next)

2016-01-05 Thread Kees Cook
5:41 -0800) Fix NNP when already under root-created filter Jann Horn (1): seccomp: always propagate NO_NEW_PRIVS on tsync kernel/seccomp.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) --

Re: [PATCH v3 1/5] firmware: generalize "firmware" as "system data" helpers

2016-01-04 Thread Kees Cook
em data needed by the kernel. > > Annotate this before we extend firmware_class more, > as this is expected. We want to generalize the code > as much as possible. > > Cc: Rusty Russell > Cc: Andrew Morton > Cc: Greg Kroah-Hartman > Cc: David Howells > Cc: Kees Cook >

Re: [PATCH v3 5/5] firmware: add an extensible system data helpers

2016-01-04 Thread Kees Cook
)->cbs.sync.opt_fail_cb) > +#define desc_sync_opt_context(desc)((desc)->cbs.sync.opt_fail_context) > +static inline int desc_sync_opt_call_cb(const struct sysdata_file_desc *desc) > +{ > + if (desc->sync_reqs.mode != SYNCDATA_SYNC) > + return -EINVAL; > + if

Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks

2015-12-07 Thread Kees Cook
gs ORed into them. > > Signed-off-by: Jann Horn Acked-by: Kees Cook -Kees > --- > security/smack/smack_lsm.c | 8 +++- > security/yama/yama_lsm.c | 4 ++-- > 2 files changed, 5 insertions(+), 7 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/sm

Re: [PATCH 2/2] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-12-07 Thread Kees Cook
, this could be used by an attacker to reveal > the memory layout of root's processes or reveal the contents of > files he is not allowed to access (through /proc/$pid/cwd). > > Signed-off-by: Jann Horn Acked-by: Kees Cook -Kees > --- > fs/proc/array.c

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-12-07 Thread Kees Cook
reds; > diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c > index e88d071..5d453e5 100644 > --- a/mm/process_vm_access.c > +++ b/mm/process_vm_access.c > @@ -194,7 +194,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct > iov_iter *iter, > goto f

Re: seccomp and audit_enabled

2015-10-12 Thread Kees Cook
(audit_enabled && (signr || unlikely(!audit_dummy_context( > __audit_seccomp(syscall, signr, code); > } > > @@ -498,7 +504,6 @@ extern int audit_rule_change(int type, __u32 portid, int > seq, > void *data, size_t datasz); >