leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3a2f5a59a6
linux/security/smack
History
Stephen Smalley 3a2f5a59a6 security,selinux,smack: kill security_task_wait hook 
As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-01-12 11:10:57 -05:00
..
Kconfig Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
Makefile Smack: Repair netfilter dependency 2015-01-23 10:08:19 -08:00
smack_access.c Smack: Remove unnecessary smack_known_invalid 2016-11-15 09:34:39 -08:00
smack_lsm.c security,selinux,smack: kill security_task_wait hook 2017-01-12 11:10:57 -05:00
smack_netfilter.c security: Use IS_ENABLED() instead of checking for built-in or module 2016-08-08 13:08:25 -04:00
smack.h Smack: Remove unnecessary smack_known_invalid 2016-11-15 09:34:39 -08:00
smackfs.c Smack: Remove unnecessary smack_known_invalid 2016-11-15 09:34:39 -08:00