Christian Göttsche a138989f05 ext4: reorder capability check last
[ Upstream commit 1b419c889c ]

capable() calls refer to enabled LSMs whether to permit or deny the
request.  This is relevant in connection with SELinux, where a
capability check results in a policy decision and by default a denial
message on insufficient permission is issued.
It can lead to three undesired cases:
  1. A denial message is generated, even in case the operation was an
     unprivileged one and thus the syscall succeeded, creating noise.
  2. To avoid the noise from 1. the policy writer adds a rule to ignore
     those denial messages, hiding future syscalls, where the task
     performs an actual privileged operation, leading to hidden limited
     functionality of that task.
  3. To avoid the noise from 1. the policy writer adds a rule to permit
     the task the requested capability, while it does not need it,
     violating the principle of least privilege.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20250302160657.127253-2-cgoettsche@seltendoof.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-04 14:37:00 +02:00
arch um: Update min_low_pfn to match changes in uml_reserved 2025-06-04 14:37:00 +02:00
block blk-iocost: do not WARN if iocg was already offlined 2025-05-02 07:41:07 +02:00
certs
crypto crypto: null - Use spin lock instead of mutex 2025-05-02 07:41:18 +02:00
Documentation sched/isolation: Prevent boot crash when the boot CPU is nohz_full 2025-04-10 14:30:48 +02:00
drivers i2c: pxa: fix call balance of i2c->clk handling routines 2025-06-04 14:37:00 +02:00
fs ext4: reorder capability check last 2025-06-04 14:37:00 +02:00
include dma-mapping: avoid potential unused data compilation warning 2025-06-04 14:36:58 +02:00
init sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP 2025-05-02 07:41:19 +02:00
io_uring io_uring: fix possible deadlock in io_register_iowq_max_workers() 2024-11-17 14:59:39 +01:00
ipc
kernel cgroup: Fix compilation issue due to cgroup_mutex not being exported 2025-06-04 14:36:58 +02:00
lib dql: Fix dql->limit value when reset. 2025-06-04 14:36:59 +02:00
LICENSES
mm mm: fix apply_to_existing_page_range() 2025-05-02 07:41:09 +02:00
net SUNRPC: rpcbind should never reset the port to the value '0' 2025-06-04 14:36:59 +02:00
samples tracing: samples: Initialize trace_array_printk() with the correct function 2025-06-04 14:36:57 +02:00
scripts kconfig: merge_config: use an empty file as initfile 2025-06-04 14:36:58 +02:00
security ima: Fix use-after-free on a dentry's dname.name 2025-03-13 12:47:24 +01:00
sound ASoC: q6afe-clocks: fix reprobing of the driver 2025-06-04 14:36:57 +02:00
tools tools/build: Don't pass test log files to linker 2025-06-04 14:36:59 +02:00
usr
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-10-22 15:39:24 +02:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Remove *.orig pattern from .gitignore 2024-10-17 15:07:59 +02:00
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile Linux 5.10.237 2025-05-02 07:41:22 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.