-
- Downloads
security: Add LSM hook to setgroups() syscall
Give the LSM framework the ability to filter setgroups() syscalls. There are already analagous hooks for the set*uid() and set*gid() syscalls. The SafeSetID LSM will use this new hook to ensure setgroups() calls are allowed by the installed security policy. Tested by putting print statement in security_task_fix_setgroups() hook and confirming that it gets hit when userspace does a setgroups() syscall. Acked-by:Casey Schaufler <casey@schaufler-ca.com> Reviewed-by:
Serge Hallyn <serge@hallyn.com> Signed-off-by:
Micah Morton <mortonm@chromium.org>
Showing
- include/linux/lsm_hook_defs.h 1 addition, 0 deletionsinclude/linux/lsm_hook_defs.h
- include/linux/lsm_hooks.h 7 additions, 0 deletionsinclude/linux/lsm_hooks.h
- include/linux/security.h 7 additions, 0 deletionsinclude/linux/security.h
- kernel/groups.c 13 additions, 0 deletionskernel/groups.c
- security/security.c 5 additions, 0 deletionssecurity/security.c
Loading
Please register or sign in to comment