forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
783,983 commits 5 branches 3 tags 4.3 GiB
Find a file
Stephen Smalley f77c84673d selinux: fix mounting of cgroup2 under older policies 
commit 7bb185edb0 upstream.

commit 901ef845fa ("selinux: allow per-file labeling for cgroupfs")
broke mounting of cgroup2 under older SELinux policies which lacked
a genfscon rule for cgroup2.  This prevents mounting of cgroup2 even
when SELinux is permissive.

Change the handling when there is no genfscon rule in policy to
just mark the inode unlabeled and not return an error to the caller.
This permits mounting and access if allowed by policy, e.g. to
unconfined domains.

I also considered changing the behavior of security_genfs_sid() to
never return -ENOENT, but the current behavior is relied upon by
other callers to perform caller-specific handling.

Fixes: 901ef845fa ("selinux: allow per-file labeling for cgroupfs")
CC: <stable@vger.kernel.org>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Waiman Long <longman@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Waiman Long <longman@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 11:08:44 -08:00
arch xen/pvh: don't try to unplug emulated devices 2018-11-13 11:08:40 -08:00
block block, bfq: correctly charge and reset entity service in all cases 2018-11-13 11:08:28 -08:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
Documentation Code of Conduct: Change the contact email address 2018-10-22 07:33:36 +01:00
drivers IB/mlx5: Fix MR cache initialization 2018-11-13 11:08:43 -08:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs ext4: fix use-after-free race in ext4_remount()'s error path 2018-11-13 11:08:43 -08:00
include IB/rxe: Revise the ib_wr_opcode enum 2018-11-13 11:08:43 -08:00
init Kbuild updates for v4.19 (2nd) 2018-08-25 13:40:38 -07:00
ipc ipc/shm.c: use ERR_CAST() for shm_lock() error return 2018-10-05 16:32:04 -07:00
kernel signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init 2018-11-13 11:08:38 -08:00
lib locking/lockdep: Fix debug_locks off performance problem 2018-11-13 11:08:20 -08:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mremap: properly flush TLB before releasing the page 2018-10-18 11:30:52 +02:00
net net/ipv4: defensive cipso option parsing 2018-11-13 11:08:41 -08:00
samples samples: disable CONFIG_SAMPLES for UML 2018-10-11 02:15:46 +09:00
scripts Kbuild fixes for v4.19 (2nd) 2018-10-11 19:23:07 +02:00
security selinux: fix mounting of cgroup2 under older policies 2018-11-13 11:08:44 -08:00
sound ASoC: sta32x: set ->component pointer in private struct 2018-11-13 11:08:42 -08:00
tools cpupower: Fix AMD Family 0x17 msr_pstate size 2018-11-13 11:08:38 -08:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: Remove obsolete kvm_unmap_hva notifier backend 2018-09-07 15:06:02 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS MAINTAINERS: Add an entry for the code of conduct 2018-10-22 07:33:36 +01:00
Makefile Linux 4.19.1 2018-11-04 14:50:54 +01:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.