Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 7fbfee7c authored Jan 17, 2019 by Linus Torvalds

Merge branch 'fixes-v5.0-rc2' of...

Merge branch 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem fixes from James Morris:
 "Fixes for the security subsystem.

  The first (by Casey actually - it's misattributed) fixes a regression
  introduced with the LSM stacking changes"

* 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  LSM: Check for NULL cred-security on free
  Yama: Check for pid death before checking ancestry
  seccomp: fix UAF in user-trap code

parents 47bfa6d9 a5795fd3

kernel/seccomp.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -976,6 +976,9 @@ static int seccomp_notify_release(struct inode inode, struct file file)
		struct seccomp_filter *filter = file->private_data;
		struct seccomp_knotif *knotif;

		if (!filter)
		return 0;

		mutex_lock(&filter->notify_lock);

		/*
		@@ -1300,6 +1303,7 @@ out:
		out_put_fd:
		if (flags & SECCOMP_FILTER_FLAG_NEW_LISTENER) {
		if (ret < 0) {
		listener_f->private_data = NULL;
		fput(listener_f);
		put_unused_fd(listener);
		} else {

security/security.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -1027,6 +1027,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)

		void security_cred_free(struct cred *cred)
		{
		/*
		* There is a failure case in prepare_creds() that
		* may result in a call here with ->security being NULL.
		*/
		if (unlikely(cred->security == NULL))
		return;

		call_void_hook(cred_free, cred);
		}

security/yama/yama_lsm.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
		break;
		case YAMA_SCOPE_RELATIONAL:
		rcu_read_lock();
		if (!task_is_descendant(current, child) &&
		if (!pid_alive(child))
		rc = -EPERM;
		if (!rc && !task_is_descendant(current, child) &&
		!ptracer_exception_found(current, child) &&
		!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
		rc = -EPERM;

CRA Git | Maintained and supported by SUSTech CRA and CCSE