landlock: Change landlock_restrict_self(2) check ordering (c1d9c0d0) · Commits · SECO Northern Europe / Kernel / linux-guf

Commit c1d9c0d0 authored 2 years ago by Mickaël Salaün Committed by Greg Kroah-Hartman 2 years ago

landlock: Change landlock_restrict_self(2) check ordering

commit eba39ca4b155c54adf471a69e91799cc1727873f upstream.

According to the Landlock goal to be a security feature available to
unprivileges processes, it makes more sense to first check for
no_new_privs before checking anything else (i.e. syscall arguments).

Merge inval_fd_enforce and unpriv_enforce_without_no_new_privs tests
into the new restrict_self_checks_ordering.  This is similar to the
previous commit checking other syscalls.

Link: https://lore.kernel.org/r/20220506160820.524344-10-mic@digikod.net


Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 1707df9e

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 41 additions and 14 deletions

Please register or to comment