projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4ba35c) | patch
security,selinux,smack: kill security_task_wait hook
authorStephen Smalley <sds@tycho.nsa.gov>
Tue, 10 Jan 2017 17:28:32 +0000 (12:28 -0500)
committerPaul Moore <paul@paul-moore.com>
Thu, 12 Jan 2017 16:10:57 +0000 (11:10 -0500)
commit3a2f5a59a695a73e0cde9a61e0feae5fa730e936
tree058704d18e909a2c0b46356c74d3c1156c2206aatree | snapshot (tar.gz zip)
parentb4ba35c75a0671a06b978b6386b54148efddf39fcommit | diff
security,selinux,smack: kill security_task_wait hook

As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
include/linux/lsm_hooks.h diff | blob | blame | history
include/linux/security.h diff | blob | blame | history
kernel/exit.c diff | blob | blame | history
security/security.c diff | blob | blame | history
security/selinux/hooks.c diff | blob | blame | history
security/smack/smack_lsm.c diff | blob | blame | history