path: root/security/Makefile
diff options
authorMicah Morton <>2019-01-22 14:42:09 -0800
committerJames Morris <>2019-01-25 11:22:43 -0800
commit40852275a94afb3e836be9248399e036982d1a79 (patch)
tree97db7b5d7dfae0ecd678b57bc861e60e949afe44 /security/Makefile
parent4b42564181d683d767b495d7041b1f229468042f (diff)
LSM: add SafeSetID module that gates setid calls
This change ensures that the set*uid family of syscalls in kernel/sys.c (setreuid, setuid, setresuid, setfsuid) all call ns_capable_common with the CAP_OPT_INSETID flag, so capability checks in the security_capable hook can know whether they are being called from within a set*uid syscall. This change is a no-op by itself, but is needed for the proposed SafeSetID LSM. Signed-off-by: Micah Morton <> Acked-by: Kees Cook <> Signed-off-by: James Morris <>
Diffstat (limited to 'security/Makefile')
0 files changed, 0 insertions, 0 deletions