Google Git
Sign in
ara-mdk / kernel / panda / ddf971b6c8c502d70ff07d95d342152c865c2e28
commitddf971b6c8c502d70ff07d95d342152c865c2e28[log] [tgz]
authorJP Abgrall <jpa@google.com>Tue Dec 13 01:12:13 2011 +0800
committerAndy Green <andy.green@linaro.org>Mon Jan 09 11:10:08 2012 +0800
tree29aece8d7fb33628682ee4a53f00f053ba85c47e
parent69767123a06ef1b9071213f0c29c9c018ab316b2 [diff]
netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access

* uid handling
 - Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT.
   This affects socket tagging, and data removal.
 - Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS.
   This affects stats lookup.

* allow pacifying the module
  Setting passive to Y/y will make the module return immediately on
  external stimulus.
  No more stats and silent success on ctrl writes.
  Mainly used when one suspects this module of misbehaving.

Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4
Signed-off-by: JP Abgrall <jpa@google.com>
2 files changed
tree: 29aece8d7fb33628682ee4a53f00f053ba85c47e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. linaro-test-status
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS