Google Git
Sign in
kernel / pub / scm / linux / kernel / git / kees / linux.git / 89071615e676b9c1bab573ffb3f9235a725715fe
commit89071615e676b9c1bab573ffb3f9235a725715fe[log] [tgz]
authorKees Cook <keescook@chromium.org>Fri Jan 22 13:48:54 2016 -0800
committerKees Cook <keescook@chromium.org>Sun Oct 02 21:57:04 2016 -0700
tree7ae948b6efb3dcb853b60c1aa8aab762ba8e7ac2
parentc8d2bc9bc39ebea8437fd974fdbc21847bb897a3 [diff]
sysctl: expand use of proc_dointvec_minmax_sysadmin

Several sysctls expect a state where the highest value (in extra2) is
locked once set for that boot. Yama does this, and kptr_restrict should
be doing it. This extracts Yama's logic and adds it to the existing
proc_dointvec_minmax_sysadmin, taking care to avoid the simple boolean
states (which do not get locked). Since Yama wants to be checking a
different capabilities, we build wrappers for both cases (CAP_SYS_ADMIN
and CAP_SYS_PTRACE).

Signed-off-by: Kees Cook <keescook@chromium.org>
4 files changed
tree: 7ae948b6efb3dcb853b60c1aa8aab762ba8e7ac2
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS