> -----Original Message----- > From: Jann Horn [mailto:[email protected]] > Sent: Wednesday, September 26, 2018 2:31 PM > To: Schaufler, Casey <[email protected]> > Cc: Kernel Hardening <[email protected]>; kernel list > <[email protected]>; linux-security-module <linux-security- > [email protected]>; [email protected]; Hansen, Dave > <[email protected]>; Dock, Deneen T <[email protected]>; > [email protected]; Arjan van de Ven <[email protected]> > Subject: Re: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED > > On Wed, Sep 26, 2018 at 10:35 PM Casey Schaufler > <[email protected]> wrote: > > A ptrace access check with mode PTRACE_MODE_SCHED gets called > > from process switching code. This precludes the use of audit, > > as the locking is incompatible. Don't do audit in the PTRACE_MODE_SCHED > > case. > > > > Signed-off-by: Casey Schaufler <[email protected]> > > --- > > security/smack/smack_lsm.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > > index 340fc30ad85d..ffa95bcab599 100644 > > --- a/security/smack/smack_lsm.c > > +++ b/security/smack/smack_lsm.c > > @@ -422,7 +422,8 @@ static int smk_ptrace_rule_check(struct task_struct > *tracer, > > struct task_smack *tsp; > > struct smack_known *tracer_known; > > > > - if ((mode & PTRACE_MODE_NOAUDIT) == 0) { > > + if ((mode & PTRACE_MODE_NOAUDIT) == 0 && > > + (mode & PTRACE_MODE_SCHED) == 0) { > > If you ORed PTRACE_MODE_NOAUDIT into the flags when calling the > security hook, you could drop this patch, right?
Yes. Since the PTRACE_MODE_NOAUDIT was in PTRACE_MODE_IBPB in Jiri's previous patch set and not in PTRACE_MODE_SCHED in this one I assumed that there was a good reason for it. _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
