shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 12:57:06 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e438ca1b62959c283ac036edf852e6b1a9707a0
linux/net
History
Jeff Vander Stoep 2fd9e60760 vsock: use ns_capable_noaudit() on socket create 
[ Upstream commit af545bb5ee ]

During __vsock_create() CAP_NET_ADMIN is used to determine if the
vsock_sock->trusted should be set to true. This value is used later
for determing if a remote connection should be allowed to connect
to a restricted VM. Unfortunately, if the caller doesn't have
CAP_NET_ADMIN, an audit message such as an selinux denial is
generated even if the caller does not want a trusted socket.

Logging errors on success is confusing. To avoid this, switch the
capable(CAP_NET_ADMIN) check to the noaudit version.

Reported-by: Roman Kiryanov <rkir@google.com>
https://android-review.googlesource.com/c/device/generic/goldfish/+/1468545/
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/r/20201023143757.377574-1-jeffv@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-11-10 12:37:30 +01:00
..
6lowpan
6lowpan: no need to check return value of debugfs_create functions
2019-07-06 12:50:01 +02:00
9p
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
2020-11-05 11:43:20 +01:00
802
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
8021q
vlan: vlan_changelink() should propagate errors
2020-01-12 12:21:50 +01:00
appletalk
appletalk: Fix atalk_proc_init() return path
2020-08-11 15:33:40 +02:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 13:17:58 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 18:39:31 +02:00
batman-adv
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
2020-10-01 13:18:19 +02:00
bluetooth
Bluetooth: Only mark socket zapped after unlocking
2020-10-29 09:58:06 +01:00
bpf
bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN
2019-07-25 18:00:41 -07:00
bpfilter
net/bpfilter: remove superfluous testing message
2020-04-21 09:04:53 +02:00
bridge
netfilter: ebtables: Fixes dropping of small packets in bridge nat
2020-10-29 09:57:57 +01:00
caif
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
can
net: j1939: j1939_session_fresh_new(): fix missing initialization of skbcnt
2020-10-29 09:57:24 +01:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-05 11:43:34 +01:00
core
socket: don't clear SOCK_TSTAMP_NEW when SO_TIMESTAMPNS is disabled
2020-11-01 12:01:01 +01:00
dcb
net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
2020-09-26 18:03:12 +02:00
dccp
dccp: Fix possible memleak in dccp_init and dccp_fini
2020-06-17 16:40:32 +02:00
decnet
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2020-01-04 19:18:58 +01:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-04-23 10:36:45 +02:00
dsa
dsa: Allow forwarding of redirected IGMP traffic
2020-09-23 12:40:33 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:20:06 +01:00
hsr
hsr: check protocol version in hsr_newlink()
2020-04-21 09:04:44 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-18 07:17:44 +01:00
ife
net: Fix Kconfig indentation
2019-09-26 08:56:17 +02:00
ipv4
ip_tunnel: fix over-mtu packet send fail without TUNNEL_DONT_FRAGMENT flags
2020-11-10 12:37:25 +01:00
ipv6
netfilter: nf_log: missing vlan offload tag and proto
2020-10-29 09:57:45 +01:00
iucv
net/af_iucv: mark expected switch fall-throughs
2019-07-29 10:26:14 -07:00
kcm
kcm: disable preemption in kcm_parse_func_strparser()
2019-09-27 10:27:14 +02:00
key
af_key: pfkey_dump needs parameter validation
2020-09-26 18:03:10 +02:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:32:47 +02:00
l3mdev
ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF
2019-06-23 13:24:17 -07:00
lapb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-17 20:20:36 -07:00
llc
net: silence data-races on sk_backlog.tail
2020-10-01 13:17:15 +02:00
mac80211
mac80211: handle lack of sband->bitrates in rates
2020-10-29 09:58:04 +01:00
mac802154
mac802154: tx: fix use-after-free
2020-10-01 13:18:17 +02:00
mpls
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
2019-12-18 16:08:42 +01:00
ncsi
net/ncsi: Disable global multicast filter
2019-09-19 18:04:40 -07:00
netfilter
netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create
2020-11-01 12:01:01 +01:00
netlabel
netlabel: fix problems with mapping removal
2020-09-12 14:18:55 +02:00
netlink
genetlink: remove genl_bind
2020-07-22 09:32:46 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-29 16:33:08 +02:00
nfc
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
2020-10-29 09:57:26 +01:00
nsh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
openvswitch
openvswitch: handle DNAT tuple collision
2020-10-14 10:33:02 +02:00
packet
net/packet: fix overflow in tpacket_rcv
2020-09-09 19:12:29 +02:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
psample
net: psample: fix skb_over_panic
2019-12-04 22:30:54 +01:00
qrtr
net: qrtr: check skb_put_padto() return value
2020-09-26 18:03:15 +02:00
rds
rds: Prevent kernel-infoleak in rds_notify_queue_get()
2020-08-05 09:59:44 +02:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 12:21:33 +01:00
rose
net: core: add generic lockdep keys
2019-10-24 14:53:48 -07:00
rxrpc
rxrpc: Fix server keyring leak
2020-10-14 10:33:05 +02:00
sched
net/sched: act_mpls: Add softdep on mpls_gso.ko
2020-11-01 12:01:03 +01:00
sctp
sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
2020-11-10 12:37:26 +01:00
smc
net/smc: fix valid DMBE buffer sizes
2020-10-29 09:57:23 +01:00
strparser
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
sunrpc
SUNRPC: Mitigate cond_resched() in xprt_transmit()
2020-11-05 11:43:18 +01:00
switchdev
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tipc
tipc: fix use-after-free in tipc_bcast_get_mode
2020-11-10 12:37:24 +01:00
tls
net/tls: sendfile fails with ktls offload
2020-10-29 09:57:23 +01:00
unix
skbuff: fix a data race in skb_queue_len()
2020-10-01 13:17:31 +02:00
vmw_vsock
vsock: use ns_capable_noaudit() on socket create
2020-11-10 12:37:30 +01:00
wimax
wimax: no need to check return value of debugfs_create functions
2019-08-10 15:25:47 -07:00
wireless
nl80211: fix non-split wiphy information
2020-10-29 09:57:44 +01:00
x25
net/x25: Fix null-ptr-deref in x25_disconnect
2020-08-05 09:59:44 +02:00
xdp
xdp: Fix xsk_generic_xmit errno
2020-06-24 17:50:44 +02:00
xfrm
xfrm: Use correct address family in xfrm_state_find
2020-10-14 10:33:03 +02:00
compat.c
net/compat: Add missing sock updates for SCM_RIGHTS
2020-08-21 13:05:25 +02:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-04-01 11:02:18 +02:00
Makefile
socket.c
net: Set fput_needed iff FDPUT_FPUT is set
2020-08-19 08:16:22 +02:00
sysctl_net.c