linux_dsm_epyc7002/security
Miklos Szeredi 02dee03d48 cap: fix conversions on getxattr
[ Upstream commit f2b00be488730522d0fb7a8a5de663febdcefe0a ]

If a capability is stored on disk in v2 format cap_inode_getsecurity() will
currently return in v2 format unconditionally.

This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid,
and so the same conversions performed on it.

If the rootid cannot be mapped, v3 is returned unconverted.  Fix this so
that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs
user namespace in case of v2) cannot be mapped into the current user
namespace.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-17 11:02:22 +01:00
..
apparmor
bpf
integrity ima: Don't modify file descriptor mode on the fly 2020-12-30 11:54:17 +01:00
keys
loadpin
lockdown
safesetid
selinux selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling 2020-12-30 11:53:03 +01:00
smack Smack: Handle io_uring kernel thread privileges 2020-12-30 11:54:02 +01:00
tomoyo
yama
commoncap.c cap: fix conversions on getxattr 2021-02-17 11:02:22 +01:00
device_cgroup.c
inode.c
Kconfig
Kconfig.hardening
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:27:29 +01:00
Makefile
min_addr.c
security.c