Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security (704bb813) · Commits · 戴 / test

kernel/seccomp.c

+11 −11

Original line number	Diff line number	Diff line
		@@ -316,13 +316,7 @@ static inline void seccomp_sync_threads(void)
		put_seccomp_filter(thread);
		smp_store_release(&thread->seccomp.filter,
		caller->seccomp.filter);
		/*
		* Opt the other thread into seccomp if needed.
		* As threads are considered to be trust-realm
		* equivalent (see ptrace_may_access), it is safe to
		* allow one thread to transition the other.
		*/
		if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) {

		/*
		* Don't let an unprivileged task work around
		* the no_new_privs restriction by creating
		@@ -332,10 +326,16 @@ static inline void seccomp_sync_threads(void)
		if (task_no_new_privs(caller))
		task_set_no_new_privs(thread);

		/*
		* Opt the other thread into seccomp if needed.
		* As threads are considered to be trust-realm
		* equivalent (see ptrace_may_access), it is safe to
		* allow one thread to transition the other.
		*/
		if (thread->seccomp.mode == SECCOMP_MODE_DISABLED)
		seccomp_assign_mode(thread, SECCOMP_MODE_FILTER);
		}
		}
		}

		/**
		* seccomp_prepare_filter: Prepares a seccomp filter for use.

+2 −1

Original line number	Diff line number	Diff line
		@@ -430,6 +430,7 @@ static int __key_instantiate_and_link(struct key *key,

		/* and link it into the destination keyring */
		if (keyring) {
		if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
		set_bit(KEY_FLAG_KEEP, &key->flags);

		__key_link(key, _edit);