Micah Morton fcfe0ac2fc security: Add LSM hook to setgroups() syscall ... Give the LSM framework the ability to filter setgroups() syscalls. There are already analagous hooks for the set*uid() and set*gid() syscalls. The SafeSetID LSM will use this new hook to ensure setgroups() calls are allowed by the installed security policy. Tested by putting print statement in security_task_fix_setgroups() hook and confirming that it gets hit when userspace does a setgroups() syscall. Acked-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Micah Morton <mortonm@chromium.org>		2022-07-15 18:21:49 +00:00
..
apparmor	linux-kselftest-kunit-5.19-rc1	2022-05-25 11:32:53 -07:00
bpf
integrity	integrity-v5.19	2022-05-24 13:50:39 -07:00
keys	KEYS: trusted: tpm2: Fix migratable logic	2022-06-08 14:12:13 +03:00
landlock	landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER	2022-05-23 13:27:59 +02:00
loadpin	loadpin: stop using bdevname	2022-05-16 16:02:21 -07:00
lockdown
safesetid	LSM: SafeSetID: Mark safesetid_initialized as __initdata	2021-06-10 09:52:32 -07:00
selinux	selinux: free contexts previously transferred in selinux_add_opt()	2022-06-15 21:20:45 -04:00
smack	Cleanups (and one fix) around struct mount handling.	2022-06-04 19:00:05 -07:00
tomoyo	LSM: Remove double path_rename hook calls for RENAME_EXCHANGE	2022-05-23 13:27:58 +02:00
yama
commoncap.c	fs: support mapped mounts of mapped filesystems	2021-12-05 10:28:57 +01:00
device_cgroup.c	bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean	2022-01-19 12:51:30 -08:00
inode.c
Kconfig	usercopy: Remove HARDENED_USERCOPY_PAGESPAN	2022-04-13 12:15:52 -07:00
Kconfig.hardening	randstruct: Enable Clang support	2022-05-08 01:33:07 -07:00
lsm_audit.c	selinux: log anon inode class name	2022-05-03 16:09:03 -04:00
Makefile	security: remove unneeded subdir-$(CONFIG_...)	2021-09-03 08:17:20 +09:00
min_addr.c
security.c	security: Add LSM hook to setgroups() syscall	2022-07-15 18:21:49 +00:00