Merge tag 'v3.15' into next
authorPaul Moore <pmoore@redhat.com>
Tue, 17 Jun 2014 21:30:23 +0000 (17:30 -0400)
committerPaul Moore <pmoore@redhat.com>
Tue, 17 Jun 2014 21:30:23 +0000 (17:30 -0400)
Linux 3.15

security/selinux/hooks.c

diff --combined security/selinux/hooks.c
index b03b0776955a2c703c4ed95c3496eca5da15b00c,2c7341dbc5d68d1948ad0efa713ad3a85307608e..336f0a04450ee449a5d364750d3e356ce7b46ceb
@@@ -106,7 -106,7 +106,7 @@@ int selinux_enforcing
  static int __init enforcing_setup(char *str)
  {
        unsigned long enforcing;
-       if (!strict_strtoul(str, 0, &enforcing))
+       if (!kstrtoul(str, 0, &enforcing))
                selinux_enforcing = enforcing ? 1 : 0;
        return 1;
  }
@@@ -119,7 -119,7 +119,7 @@@ int selinux_enabled = CONFIG_SECURITY_S
  static int __init selinux_enabled_setup(char *str)
  {
        unsigned long enabled;
-       if (!strict_strtoul(str, 0, &enabled))
+       if (!kstrtoul(str, 0, &enabled))
                selinux_enabled = enabled ? 1 : 0;
        return 1;
  }
@@@ -2123,13 -2123,11 +2123,13 @@@ static int selinux_bprm_set_creds(struc
                new_tsec->exec_sid = 0;
  
                /*
 -               * Minimize confusion: if no_new_privs and a transition is
 -               * explicitly requested, then fail the exec.
 +               * Minimize confusion: if no_new_privs or nosuid and a
 +               * transition is explicitly requested, then fail the exec.
                 */
                if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
                        return -EPERM;
 +              if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
 +                      return -EACCES;
        } else {
                /* Check for a default transition on this program. */
                rc = security_transition_sid(old_tsec->sid, isec->sid,
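Review bot: The added `MNT_NOSUID` check returns `-EACCES` directly, while the `no_new_privs` check just above it returns `-EPERM`, and neither return in this hunk is preceded by an audit call. A refused explicit transition on a nosuid mount therefore looks, from what is visible here, like a bare exec failure with nothing in the AVC log to explain it. The updated comment treats both conditions as one case; it should say why the errnos differ and that the denial is not audited, for example `/* nosuid mount: refuse the explicitly requested exec_sid; returns -EACCES without an AVC record */` above the new check. How the `else` branch (default transition) treats nosuid mounts lies outside the hunk and is worth checking for consistency, as selinux_bprm_set_creds starts and ends outside it.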
@@@ -2772,7 -2770,6 +2772,7 @@@ static int selinux_inode_follow_link(st
  
  static noinline int audit_inode_permission(struct inode *inode,
                                           u32 perms, u32 audited, u32 denied,
 +                                         int result,
                                           unsigned flags)
  {
        struct common_audit_data ad;
        ad.u.inode = inode;
  
        rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
 -                          audited, denied, &ad, flags);
 +                          audited, denied, result, &ad, flags);
        if (rc)
                return rc;
        return 0;
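Review bot: The new `int result` parameter of audit_inode_permission is undocumented, and its only visible use is being forwarded to slow_avc_audit between `denied` and `&ad`. The caller in the next hunk passes its own `rc` in that position, so a reader cannot tell from this code whether `result` is meant to be 0, a negative errno, or either. A short comment above the function would settle it, for example `/* result: outcome of the permission check being audited, as returned to the caller (0 or -errno) */`; the exact contract should be confirmed against slow_avc_audit, which is not shown. The function body is only partly visible in this hunk.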
@@@ -2825,7 -2822,7 +2825,7 @@@ static int selinux_inode_permission(str
        if (likely(!audited))
                return rc;
  
 -      rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
 +      rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
        if (rc2)
                return rc2;
        return rc;
@@@ -3320,6 -3317,9 +3320,9 @@@ static int selinux_file_fcntl(struct fi
        case F_GETLK:
        case F_SETLK:
        case F_SETLKW:
+       case F_OFD_GETLK:
+       case F_OFD_SETLK:
+       case F_OFD_SETLKW:
  #if BITS_PER_LONG == 32
        case F_GETLK64:
        case F_SETLK64: