qiurui
/
Ubuntu-focal-kernel
mirror of https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Ubuntu-focal-kernel/security
History
Jeremy Cline 53cb14c982 lockdown: Allow unprivileged users to see lockdown status 
BugLink: https://bugs.launchpad.net/bugs/1885023

[ Upstream commit 60cf7c5ed5 ]

A number of userspace tools, such as systemtap, need a way to see the
current lockdown state so they can gracefully deal with the kernel being
locked down. The state is already exposed in
/sys/kernel/security/lockdown, but is only readable by root. Adjust the
permissions so unprivileged users can read the state.

Fixes: 000d388ed3 ("security: Add a static lockdown policy LSM")
Cc: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
 		2020-08-08 01:53:12 -04:00
..
apparmor apparmor: check/put label on apparmor_sk_clone_security() 2020-08-08 01:53:12 -04:00
integrity evm: Fix RCU list related warnings 2020-08-08 01:53:12 -04:00
keys mm: add kvfree_sensitive() for freeing sensitive data objects 2020-08-08 01:53:12 -04:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: Allow unprivileged users to see lockdown status 2020-08-08 01:53:12 -04:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux selinux: properly handle multiple messages in selinux_netlink_send() 2020-05-25 10:42:26 +02:00
smack Smack: slab-out-of-bounds in vsscanf 2020-08-08 01:53:12 -04:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-06 16:32:34 +00:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
Kconfig UBUNTU: SAUCE: security,perf: Allow further restriction of perf_event_open 2019-11-25 14:56:27 +01:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
commoncap.c exec: Always set cap_ambient in cap_bprm_set_creds 2020-06-22 17:23:28 -03:00
device_cgroup.c UBUNTU: SAUCE: import aufs driver 2019-11-25 14:56:45 +01:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
min_addr.c
security.c UBUNTU: SAUCE: import aufs driver 2019-11-25 14:57:01 +01:00