sieni
/
linux
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/security
History
Juergen Gross 1613462be6 xen/privcmd: add boot control for restricted usage in domU 
When running in an unprivileged domU under Xen, the privcmd driver
is restricted to allow only hypercalls against a target domain, for
which the current domU is acting as a device model.

Add a boot parameter "unrestricted" to allow all hypercalls (the
hypervisor will still refuse destructive hypercalls affecting other
guests).

Make this new parameter effective only in case the domU wasn't started
using secure boot, as otherwise hypercalls targeting the domU itself
might result in violating the secure boot functionality.

This is achieved by adding another lockdown reason, which can be
tested to not being set when applying the "unrestricted" option.

This is part of XSA-482

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- new patch
 		2026-03-20 12:06:01 +01:00
..
apparmor apparmor: fix race between freeing data and fs accessing it 2026-03-09 16:05:44 -07:00
bpf lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
integrity Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
ipe Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
keys Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
landlock Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
loadpin Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
lockdown lockdown: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
safesetid Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
selinux Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
smack Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tomoyo treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
yama Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
Kconfig security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
Makefile lsm: split the init code out into lsm_init.c 2025-10-22 19:24:16 -04:00
commoncap.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
commoncap_test.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
device_cgroup.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
inode.c Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
lsm.h lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_init.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_notifier.c lsm: split the notifier code out into lsm_notifier.c 2025-10-22 19:24:15 -04:00
lsm_syscalls.c lsm: rework lsm_active_cnt and lsm_idlist[] 2025-10-22 19:24:19 -04:00
min_addr.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
security.c xen/privcmd: add boot control for restricted usage in domU 2026-03-20 12:06:01 +01:00