3.2.97-rc1 review patch. If anyone has any objections, please let me know.
------------------ From: Ben Hutchings <[email protected]> Commit 1c8d42255f4c "ptrace: use fsuid, fsgid, effective creds for fs access checks" added flags to the ptrace mode which need to be ignored here. This change was made upstream in 3.3 as part of commit 69f594a38967 "ptrace: do not audit capability check when outputing /proc/pid/stat", but that's probably not suitable for stable due to its dependencies. Signed-off-by: Ben Hutchings <[email protected]> --- --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1845,7 +1845,7 @@ static int selinux_ptrace_access_check(s if (rc) return rc; - if (mode == PTRACE_MODE_READ) { + if (mode & PTRACE_MODE_READ) { u32 sid = current_sid(); u32 csid = task_sid(child); return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
