On Tue, 19 May 2020, Kees Cook wrote:
> > /* SELinux context only depends on initial program or script and not
> > * the script interpreter */
> > - if (bprm->called_set_creds)
> > - return 0;
> >
> > old_tsec = selinux_cred(current_cred());
> > new_tsec =
On Mon, May 18, 2020 at 07:30:10PM -0500, Eric W. Biederman wrote:
>
> Today security_bprm_set_creds has several implementations:
> apparmor_bprm_set_creds, cap_bprm_set_creds, selinux_bprm_set_creds,
> smack_bprm_set_creds, and tomoyo_bprm_set_creds.
>
> Except for cap_bprm_set_creds they all
On 5/18/2020 5:30 PM, Eric W. Biederman wrote:
> Today security_bprm_set_creds has several implementations:
> apparmor_bprm_set_creds, cap_bprm_set_creds, selinux_bprm_set_creds,
> smack_bprm_set_creds, and tomoyo_bprm_set_creds.
>
> Except for cap_bprm_set_creds they all test
Today security_bprm_set_creds has several implementations:
apparmor_bprm_set_creds, cap_bprm_set_creds, selinux_bprm_set_creds,
smack_bprm_set_creds, and tomoyo_bprm_set_creds.
Except for cap_bprm_set_creds they all test bprm->called_set_creds and
return immediately if it is true. The function
4 matches
Mail list logo