Ondrej Mosnacek 914026d581 selinux: fix empty write to keycreate file ... [ Upstream commit 464c258aa45b09f16aa0f05847ed8895873262d9 ] When sid == 0 (we are resetting keycreate_sid to the default value), we should skip the KEY__CREATE check. Before this patch, doing a zero-sized write to /proc/self/keycreate would check if the current task can create unlabeled keys (which would usually fail with -EACCESS and generate an AVC). Now it skips the check and correctly sets the task's keycreate_sid to 0. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1719067 Tested using the reproducer from the report above. Fixes: 4eb582cf1f ("[PATCH] keys: add a way to store the appropriate context for newly-created keys") Reported-by: Kir Kolyshkin <kir@sacred.ru> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2019-07-26 09:14:07 +02:00
..
apparmor	apparmor: enforce nullbyte at end of tag string	2019-06-25 11:35:54 +08:00
integrity	evm: check hash algorithm passed to init_desc()	2019-06-09 09:17:21 +02:00
keys	keys: Fix dependency loop between construction record and auth key	2019-03-23 20:09:48 +01:00
loadpin
selinux	selinux: fix empty write to keycreate file	2019-07-26 09:14:07 +02:00
smack	smack: fix access permissions for keyring	2019-02-12 19:47:05 +01:00
tomoyo	Kbuild updates for v4.19	2018-08-15 12:09:03 -07:00
yama	Yama: Check for pid death before checking ancestry	2019-01-22 21:40:32 +01:00
commoncap.c
device_cgroup.c	device_cgroup: fix RCU imbalance in error case	2019-04-27 09:36:40 +02:00
inode.c	securityfs: fix use-after-free on symlink traversal	2019-05-25 18:23:42 +02:00
Kconfig	Revert "x86/mm/legacy: Populate the user page-table with user pgd's"	2018-09-14 17:08:45 +02:00
lsm_audit.c	missing barriers in some of unix_sock ->addr and ->path accesses	2019-03-19 13:12:41 +01:00
Makefile
min_addr.c
security.c	LSM: Check for NULL cred-security on free	2019-01-22 21:40:35 +01:00