Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit c1a85a00 authored by Micah Morton's avatar Micah Morton Committed by James Morris
Browse files

LSM: generalize flag passing to security_capable 


This patch provides a general mechanism for passing flags to the
security_capable LSM hook. It replaces the specific 'audit' flag that is
used to tell security_capable whether it should log an audit message for
the given capability check. The reason for generalizing this flag
passing is so we can add an additional flag that signifies whether
security_capable is being called by a setid syscall (which is needed by
the proposed SafeSetID LSM).

Signed-off-by: default avatarMicah Morton <mortonm@chromium.org>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent 2233975c
Hide whitespace changes
Inline Side-by-side
Showing
with 71 additions and 67 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals