Tetsuo Handa 0476fd4ff4 tomoyo: use realpath if symlink's pathname refers to procfs
Fedora 41 has reached Linux 6.12 kernel with TOMOYO enabled. I observed
that /usr/lib/systemd/systemd executes /usr/lib/systemd/systemd-executor
by passing dirfd == 9 or dirfd == 16 upon execveat().

Commit ada1986d07 ("tomoyo: fallback to realpath if symlink's pathname
does not exist") used realpath only if symlink's pathname does not exist.
But an out-of-tree patch suggested that it will be reasonable to always
use realpath if symlink's pathname refers to proc filesystem.

Therefore, this patch changes the pathname used for checking "file execute"
and the domainname used after a successful execve() request.

Before:

  <kernel> /usr/lib/systemd/systemd
  file execute proc:/self/fd/16 exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"
  file execute proc:/self/fd/9 exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/16
  file execute /usr/sbin/auditd exec.realpath="/usr/sbin/auditd" exec.argv[0]="/usr/sbin/auditd"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/16 /usr/sbin/auditd

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/9
  file execute /usr/bin/systemctl exec.realpath="/usr/bin/systemctl" exec.argv[0]="/usr/bin/systemctl"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/9 /usr/bin/systemctl

After:

  <kernel> /usr/lib/systemd/systemd
  file execute /usr/lib/systemd/systemd-executor exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor
  file execute /usr/bin/systemctl exec.realpath="/usr/bin/systemctl" exec.argv[0]="/usr/bin/systemctl"
  file execute /usr/sbin/auditd exec.realpath="/usr/sbin/auditd" exec.argv[0]="/usr/sbin/auditd"

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor /usr/bin/systemctl

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor /usr/sbin/auditd

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
2024-12-17 19:03:39 +09:00
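The "Before" domain names above come from execveat() being called with a descriptor and an empty pathname, so the only name the kernel has for the program is the procfs magic link /proc/self/fd/N. The following is an added example, not code from the commit or from systemd, that reproduces that call pattern on Linux and resolves the descriptor the way the patched TOMOYO now does, so a policy author can see which pathname a "file execute" rule must match. It assumes /bin/true exists and /proc is mounted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Resolve the file behind a descriptor through the procfs magic link.
 * This is the realpath TOMOYO records after the patch, instead of the
 * literal "proc:/self/fd/N" seen in the "Before" output. */
int resolve_fd_path(int fd, char *out, size_t outlen)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, out, outlen - 1);
    if (n < 0)
        return -1;
    out[n] = '\0';
    return 0;
}

/* Returns 1 when the procfs resolution of an fd equals realpath(path). */
int fd_path_matches_realpath(const char *path)
{
    char viafd[PATH_MAX], direct[PATH_MAX];
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0 || resolve_fd_path(fd, viafd, sizeof viafd) < 0)
        return 0;
    close(fd);
    if (!realpath(path, direct))
        return 0;
    return strcmp(viafd, direct) == 0;
}

/* Execute by descriptor with an empty pathname, as the commit describes
 * systemd doing; the raw syscall avoids depending on a glibc wrapper.
 * Returns the child's exit status, or -1 on failure. */
int exec_by_fd(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        char *argv[] = { (char *)path, NULL };
        syscall(SYS_execveat, fd, "", argv, environ, AT_EMPTY_PATH);
        _exit(127);
    }
    close(fd);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Run under TOMOYO learning mode, the exec_by_fd() call is what produces a "file execute" line naming the resolved binary rather than proc:/self/fd/N.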

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems that may result from upgrading your kernel.