On 03/11/2015 02:47 PM, Casey Schaufler wrote: > On 3/11/2015 9:42 AM, Stephen Smalley wrote: >> On 03/09/2015 09:20 PM, Casey Schaufler wrote: >>> Subject: [PATCH 6/7 v21] LSM: Switch to lists of hooks >>> >>> Instead of using a vector of security operations >>> with explicit, special case stacking of the capability >>> and yama hooks use lists of hooks with capability and >>> yama hooks included as appropriate. >>> >>> The security_operations structure is no longer required. >>> Instead, there is a union of the function pointers that >>> allows all the hooks lists to use a common mechanism for >>> list management while retaining typing. Each module >>> supplies an array describing the hooks it provides instead >>> of a sparsely populated security_operations structure. >>> The description includes the element that gets put on >>> the hook list, avoiding the issues surrounding individual >>> element allocation. >>> >>> The method for registering security modules is changed to >>> reflect the information available. The method for removing >>> a module, currently only used by SELinux, has also changed. >>> It should be generic now, however if there are potential >>> race conditions based on ordering of hook removal that needs >>> to be addressed by the calling module. >>> >>> The security hooks are called from the lists and the first >>> failure is returned. >>> >>> Signed-off-by: Casey Schaufler <[email protected]> >>> >>> --- >>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >>> index 0c45f08..3fd8610 100644 >>> --- a/security/selinux/hooks.c >>> +++ b/security/selinux/hooks.c >>> @@ -2008,24 +2002,12 @@ static int selinux_ptrace_access_check(struct >>> task_struct *child, >>> >>> static int selinux_ptrace_traceme(struct task_struct *parent) >>> { >>> - int rc; >>> - >>> - rc = cap_ptrace_traceme(parent); >>> - if (rc) >>> - return rc; >>> - >>> return task_has_perm(parent, current, PROCESS__PTRACE); >>> } >>> >>> static int selinux_capget(struct task_struct *target, kernel_cap_t >>> *effective, >>> kernel_cap_t *inheritable, kernel_cap_t *permitted) >>> { >>> - int error; >>> - >>> - error = current_has_perm(target, PROCESS__GETCAP); >>> - if (error) >>> - return error; >>> - >>> return cap_capget(target, effective, inheritable, permitted); >> Deleted the wrong code here. >> >>> } >> And failed to delete the cap_capset() call from selinux_capset(), and >> the cap_capable() call from selinux_capable(), so we're calling that >> code twice after the patch. > > So I see. It was right in v19, but wrong in v20. I'll have an update quickly.
Also looks like there is a residual cap_bprm_secureexec() call in security/apparmor/domain.c. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
