On Mon, Oct 01, 2012 at 08:16:11PM -0400, Jeff Layton wrote:
In some cases, we were passing in NULL even when we have a dentry.
Reported-by: Eric Paris epa...@redhat.com
Signed-off-by: Jeff Layton jlay...@redhat.com
---
kernel/auditsc.c | 4 ++--
1 file changed, 2 insertions(+), 2
+#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
+#define AUDIT_TYPE_NORMAL1 /* a normal audit record */
I don't care about tab vs space after the #define, but at least be
consistent.
--
Linux-audit mailing list
Linux-audit@redhat.com
On Mon, Oct 01, 2012 at 08:16:12PM -0400, Jeff Layton wrote:
If name is NULL then the condition in the loop will never be true. Also,
with this change, we can eliminate the check for n->name == NULL since
the equivalence check will never be true if it is.
Given that name == NULL is a static
at we should pick it up
for this merge window:
Reviewed-by: Christoph Hellwig
I don't know much about seccomp, so just a few general nitpicks:
On Wed, Oct 24, 2018 at 01:40:36PM -0700, Palmer Dabbelt wrote:
> + bool "Enable seccomp to safely compute untrusted bytecode"
> +
> + help
The empty line above is odd, please drop it.
> +++
This has a bunch of crazy long lines.
Also some of the refactoring might be worth splitting into prep patches.
> index cebaa3e81794..20ee291a7af4 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -463,7 +463,6 @@ static int mnt_make_readonly(struct mount *mnt)
> {
> int ret = 0;
>
> - lock_mount_hash();
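Review bot: with the lock_mount_hash() call dropped at the top of mnt_make_readonly(), the function depends on its caller for the lock, and nothing in the visible lines states that. Add a comment above mnt_make_readonly() naming the lock the caller must hold, so the requirement is documented at the function rather than only implied by this removal.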
What about adding a lockdep_assert_lock_held in all the functions
that used to
> +static inline kuid_t kuid_into_mnt(struct user_namespace *to, kuid_t kuid)
> +{
> +#ifdef CONFIG_IDMAP_MOUNTS
> + return make_kuid(to, __kuid_val(kuid));
> +#else
> + return kuid;
> +#endif
> +}
> +
> +static inline kgid_t kgid_into_mnt(struct user_namespace *to, kgid_t kgid)
> +{
>
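Review bot: in the CONFIG_IDMAP_MOUNTS branch, kuid_into_mnt() returns the result of make_kuid() unchecked, and make_kuid() yields INVALID_UID when the value has no mapping in `to`. Add a kernel-doc comment on the helper saying that callers must test the result with uid_valid() before using it for ownership or permission decisions, and give kgid_into_mnt() the matching comment for gid_valid().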
On Thu, Oct 29, 2020 at 01:32:23AM +0100, Christian Brauner wrote:
> Introduce a new mount bind mount property to allow idmapping mounts. The
> MOUNT_ATTR_IDMAP flag can be set via the new mount_setattr() syscall
> together with a file descriptor referring to a user namespace.
Shouldn't this go
> /**
> * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
> * @inode: The inode in question
> @@ -501,9 +513,7 @@ bool privileged_wrt_inode_uidgid(struct user_namespace
> *ns, const struct inode *
> */
> bool capable_wrt_inode_uidgid(const struct inode *inode, int
On Thu, Dec 02, 2021 at 09:29:52AM +, Roberto Sassu wrote:
> The problem being solved is how to grant access to files
> which satisfy a property defined in the policy.
If you want to enforce access to files in the block layer using
a specific stacking block driver you don't just have one
On Thu, Dec 02, 2021 at 07:59:38AM +, Roberto Sassu wrote:
> ok, I will send it together with a patch for a not yet accepted
> software, Integrity Policy Enforcement (IPE), that will be
> the primary user of the introduced functionality.
>
> Regarding the patch itself, could you please
On Wed, Dec 01, 2021 at 05:37:08PM +0100, Roberto Sassu wrote:
> Users of the device mapper driver might want to obtain a device status,
> with status types defined in the status_type_t enumerator.
The patch looks really odd. And without the corresponding user of your
new functionality it is
On Mon, Jan 30, 2023 at 02:57:24PM -0800, Fan Wu wrote:
> From: Deven Bowers
>
> block_device structures can have valuable security properties,
> based on how they are created, and what subsystem manages them.
That's a lot of cloudy talk but no real explanation.