git.maquefel.me Git - linux.git/commit

author	Stefan Berger <stefanb@linux.ibm.com>
	Fri, 23 Feb 2024 17:25:05 +0000 (12:25 -0500)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 9 Apr 2024 21:14:57 +0000 (17:14 -0400)
commit	3253804773c0613a1bad5bfea2edf172b760d8b6
tree	d3f6b1b665725dbf66221496577d3030b9a9692f	tree \| snapshot
parent	c21632b66895eb23c05e4eeedb68128fb243d168	commit \| diff

security: allow finer granularity in permitting copy-up of security xattrs

Copying up xattrs is solely based on the security xattr name. For finer
granularity add a dentry parameter to the security_inode_copy_up_xattr
hook definition, allowing decisions to be based on the xattr content as
well.

Co-developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Amir Goldstein <amir73il@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com> (LSM,SELinux)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

fs/overlayfs/copy_up.c		diff \| blob \| history
include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/integrity/evm/evm_main.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history