• T
    LSM: SafeSetID: Add GID security policy handling · 5294bac9
    Thomas Cedeno 提交于
    The SafeSetID LSM has functionality for restricting setuid() calls based
    on its configured security policies. This patch adds the analogous
    functionality for setgid() calls. This is mostly a copy-and-paste change
    with some code deduplication, plus slight modifications/name changes to
    the policy-rule-related structs (now contain GID rules in addition to
    the UID ones) and some type generalization since SafeSetID now needs to
    deal with kgid_t and kuid_t types.
    Signed-off-by: NThomas Cedeno <thomascedeno@google.com>
    Signed-off-by: NMicah Morton <mortonm@chromium.org>
    5294bac9
SafeSetID.rst 6.8 KB