From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Mon, 30 May 2022 18:11:25 +0300 From: Vitaly Chikunov To: ALT Linux kernel packages development Message-ID: <20220530151125.yq4sncfwc5ns44jx@altlinux.org> References: <20220523134404.4178601-1-vseleznv@altlinux.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: Subject: Re: [d-kernel] [PATCH v5] AltHa: handle setcap binaries in the same way as setuid ones X-BeenThere: devel-kernel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux kernel packages development List-Id: ALT Linux kernel packages development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 May 2022 15:11:25 -0000 Archived-At: List-Archive: List-Post: Vladimir, On Mon, May 30, 2022 at 02:48:56PM +0300, Vladimir D. Seleznev wrote: > On Mon, May 23, 2022 at 01:44:04PM +0000, Vladimir D. Seleznev wrote: > > altha.nosuid facility controls what binaries can raise user privilleges. > > Prior to this commit it only handled setuid binaries, but it was still > > possible to raise privilleges via setcaps. Now it handles both setuid > > and setcap binaries. > > > > Signed-off-by: Vladimir D. Seleznev > > --- > > Documentation/admin-guide/LSM/AltHa.rst | 6 ++-- > > security/altha/Kconfig | 2 +- > > security/altha/altha_lsm.c | 47 ++++++++++++++++++++----- > > 3 files changed, 43 insertions(+), 12 deletions(-) > > > > Ping What about tests? ps. I also have additional thoughts about this protection concept itself. > > -- > WBR, > Vladimir D. Seleznev > _______________________________________________ > devel-kernel mailing list > devel-kernel@lists.altlinux.org > https://lists.altlinux.org/mailman/listinfo/devel-kernel