diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-01-22 20:34:42 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-01-22 20:34:42 -0800 |
| commit | 21266b8df5224c4f677acf9f353eecc9094731f0 (patch) | |
| tree | 53bccb221736248181993c6c1c70819b9613f3d1 /include/linux | |
| parent | 5ab889facc6893e4a973d6ab5432550ef4f6ff09 (diff) | |
| parent | 95b3cdafd7cb74414070893445a9b731793f7b55 (diff) | |
Merge tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull AT_EXECVE_CHECK from Kees Cook:
- Implement AT_EXECVE_CHECK flag to execveat(2) (Mickaël Salaün)
- Implement EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
(Mickaël Salaün)
- Add selftests and samples for AT_EXECVE_CHECK (Mickaël Salaün)
* tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
ima: instantiate the bprm_creds_for_exec() hook
samples/check-exec: Add an enlighten "inc" interpreter and 28 tests
selftests: ktap_helpers: Fix uninitialized variable
samples/check-exec: Add set-exec
selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK
selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits
security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
exec: Add a new AT_EXECVE_CHECK flag to execveat(2)
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/binfmts.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 3305c849abd6..60d674af3080 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -44,7 +44,12 @@ struct linux_binprm { */ point_of_no_return:1, /* Set when "comm" must come from the dentry. */ - comm_from_dentry:1; + comm_from_dentry:1, + /* + * Set by user space to check executability according to the + * caller's environment. + */ + is_check:1; struct file *executable; /* Executable to pass to the interpreter */ struct file *interpreter; struct file *file; |