linux/security
Eric Paris 8cf948e744 SELinux: call cap_file_mmap in selinux_file_mmap
Currently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook.  This
means there is no DAC check on the ability to mmap low addresses in the
memory space.  This function adds the DAC check for CAP_SYS_RAWIO while
maintaining the selinux check on mmap_zero.  This means that processes
which need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will
NOT need the SELinux sys_rawio capability.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-08-17 15:08:48 +10:00
..
integrity/ima integrity: add ima_counts_put (updated) 2009-06-29 08:59:10 +10:00
keys keys: Handle there being no fallback destination keyring for request_key() 2009-04-09 10:41:19 -07:00
selinux SELinux: call cap_file_mmap in selinux_file_mmap 2009-08-17 15:08:48 +10:00
smack Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 2009-06-11 10:01:41 -07:00
tomoyo TOMOYO: Add description of lists and structures. 2009-06-09 09:30:24 +10:00
capability.c Capabilities: move cap_file_mmap to commoncap.c 2009-08-17 15:08:35 +10:00
commoncap.c Capabilities: move cap_file_mmap to commoncap.c 2009-08-17 15:08:35 +10:00
device_cgroup.c devcgroup: skip superfluous checks when found the DEV_ALL elem 2009-06-18 13:03:47 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig security: use mmap_min_addr indepedently of security models 2009-06-04 12:07:48 +10:00
lsm_audit.c smack: implement logging V3 2009-04-14 09:00:19 +10:00
Makefile smack: implement logging V3 2009-04-14 09:00:23 +10:00
root_plug.c rootplug: Remove redundant initialization. 2009-05-27 13:30:46 +10:00
security.c security: use mmap_min_addr indepedently of security models 2009-06-04 12:07:48 +10:00