linux/security
Kirill Tkhai 64db4c7f4c security: Use user_namespace::level to avoid redundant iterations in cap_capable()
When ns->level is not larger then cred->user_ns->level,
then ns can't be cred->user_ns's descendant, and
there is no a sense to search in parents.

So, break the cycle earlier and skip needless iterations.

v2: Change comment on suggested by Andy Lutomirski.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2017-07-20 07:46:06 -05:00
..
apparmor Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
keys KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 16:05:24 -07:00
smack Smack: Use cap_capable in privilege check 2017-06-01 09:27:21 -07:00
tomoyo Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
yama doc: ReSTify Yama.txt 2017-05-18 10:33:04 -06:00
Kconfig include/linux/string.h: add the option of fortified string.h functions 2017-07-12 16:26:03 -07:00
Makefile
commoncap.c security: Use user_namespace::level to avoid redundant iterations in cap_capable() 2017-07-20 07:46:06 -05:00
device_cgroup.c
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
lsm_audit.c selinux: Add IB Port SMP access vector 2017-05-23 12:28:02 -04:00
min_addr.c
security.c security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior 2017-06-09 16:17:47 -04:00