mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Browse source 
Pull lockdown update from James Morris:
 "An update for the security subsystem to allow unprivileged users
  to see the status of the lockdown feature. From Jeremy Cline"

Also an added comment to describe CAP_SETFCAP.

* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  capabilities: add description for CAP_SETFCAP
  lockdown: Allow unprivileged users to see lockdown status
This commit is contained in:
Linus Torvalds 2020-06-02 17:36:24 -07:00
commit d9afbb3509
2 changed files with 3 additions and 1 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

2
include/uapi/linux/capability.h
View file

@ -332,6 +332,8 @@ struct vfs_ns_cap_data {
#define CAP_AUDIT_CONTROL 30 #define CAP_AUDIT_CONTROL 30
/* Set or remove capabilities on files */
#define CAP_SETFCAP 31 #define CAP_SETFCAP 31
/* Override MAC access. /* Override MAC access.

2
security/lockdown/lockdown.c
View file

@ -150,7 +150,7 @@ static int __init lockdown_secfs_init(void)
{ {
struct dentry *dentry; struct dentry *dentry;
dentry = securityfs_create_file("lockdown", 0600, NULL, NULL, dentry = securityfs_create_file("lockdown", 0644, NULL, NULL,
&lockdown_ops); &lockdown_ops);
return PTR_ERR_OR_ZERO(dentry); return PTR_ERR_OR_ZERO(dentry);
} }