diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-10-25 16:29:51 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-10-25 16:29:51 -0400 |
| commit | e80bc229691a4f601a2476e07cbdf08a289a2ad6 (patch) | |
| tree | cb00f0bf7888470004fa18bfcff803da31a2a01e /security | |
| parent | 52ff0779d6cfcce24c0204c22b0b4899dc55449d (diff) | |
| parent | f0f9756b7260f4e78a2e4e412a55167178721ca2 (diff) | |
Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull smack updates from James Morris:
"From Casey: three patches for Smack for 4.20. Two clean up warnings
and one is a rarely encountered ptrace capability check"
* 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
Smack: Mark expected switch fall-through
Smack: ptrace capability use fixes
Smack: remove set but not used variable 'root_inode'
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smack_lsm.c | 15 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 3 |
2 files changed, 11 insertions, 7 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 934dabe150fa..81fb4c1631e9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, | |||
| 421 | struct smk_audit_info ad, *saip = NULL; | 421 | struct smk_audit_info ad, *saip = NULL; |
| 422 | struct task_smack *tsp; | 422 | struct task_smack *tsp; |
| 423 | struct smack_known *tracer_known; | 423 | struct smack_known *tracer_known; |
| 424 | const struct cred *tracercred; | ||
| 424 | 425 | ||
| 425 | if ((mode & PTRACE_MODE_NOAUDIT) == 0) { | 426 | if ((mode & PTRACE_MODE_NOAUDIT) == 0) { |
| 426 | smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); | 427 | smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); |
| @@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, | |||
| 429 | } | 430 | } |
| 430 | 431 | ||
| 431 | rcu_read_lock(); | 432 | rcu_read_lock(); |
| 432 | tsp = __task_cred(tracer)->security; | 433 | tracercred = __task_cred(tracer); |
| 434 | tsp = tracercred->security; | ||
| 433 | tracer_known = smk_of_task(tsp); | 435 | tracer_known = smk_of_task(tsp); |
| 434 | 436 | ||
| 435 | if ((mode & PTRACE_MODE_ATTACH) && | 437 | if ((mode & PTRACE_MODE_ATTACH) && |
| @@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, | |||
| 439 | rc = 0; | 441 | rc = 0; |
| 440 | else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) | 442 | else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) |
| 441 | rc = -EACCES; | 443 | rc = -EACCES; |
| 442 | else if (capable(CAP_SYS_PTRACE)) | 444 | else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) |
| 443 | rc = 0; | 445 | rc = 0; |
| 444 | else | 446 | else |
| 445 | rc = -EACCES; | 447 | rc = -EACCES; |
| @@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
| 1841 | { | 1843 | { |
| 1842 | struct smack_known *skp; | 1844 | struct smack_known *skp; |
| 1843 | struct smack_known *tkp = smk_of_task(tsk->cred->security); | 1845 | struct smack_known *tkp = smk_of_task(tsk->cred->security); |
| 1846 | const struct cred *tcred; | ||
| 1844 | struct file *file; | 1847 | struct file *file; |
| 1845 | int rc; | 1848 | int rc; |
| 1846 | struct smk_audit_info ad; | 1849 | struct smk_audit_info ad; |
| @@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, | |||
| 1854 | skp = file->f_security; | 1857 | skp = file->f_security; |
| 1855 | rc = smk_access(skp, tkp, MAY_DELIVER, NULL); | 1858 | rc = smk_access(skp, tkp, MAY_DELIVER, NULL); |
| 1856 | rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); | 1859 | rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); |
| 1857 | if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) | 1860 | |
| 1861 | rcu_read_lock(); | ||
| 1862 | tcred = __task_cred(tsk); | ||
| 1863 | if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) | ||
| 1858 | rc = 0; | 1864 | rc = 0; |
| 1865 | rcu_read_unlock(); | ||
| 1859 | 1866 | ||
| 1860 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); | 1867 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); |
| 1861 | smk_ad_setfield_u_tsk(&ad, tsk); | 1868 | smk_ad_setfield_u_tsk(&ad, tsk); |
| @@ -3467,7 +3474,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
| 3467 | */ | 3474 | */ |
| 3468 | final = &smack_known_star; | 3475 | final = &smack_known_star; |
| 3469 | /* | 3476 | /* |
| 3470 | * No break. | 3477 | * Fall through. |
| 3471 | * | 3478 | * |
| 3472 | * If a smack value has been set we want to use it, | 3479 | * If a smack value has been set we want to use it, |
| 3473 | * but since tmpfs isn't giving us the opportunity | 3480 | * but since tmpfs isn't giving us the opportunity |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..06b517075ec0 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -2853,7 +2853,6 @@ static const struct file_operations smk_ptrace_ops = { | |||
| 2853 | static int smk_fill_super(struct super_block *sb, void *data, int silent) | 2853 | static int smk_fill_super(struct super_block *sb, void *data, int silent) |
| 2854 | { | 2854 | { |
| 2855 | int rc; | 2855 | int rc; |
| 2856 | struct inode *root_inode; | ||
| 2857 | 2856 | ||
| 2858 | static const struct tree_descr smack_files[] = { | 2857 | static const struct tree_descr smack_files[] = { |
| 2859 | [SMK_LOAD] = { | 2858 | [SMK_LOAD] = { |
| @@ -2917,8 +2916,6 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) | |||
| 2917 | return rc; | 2916 | return rc; |
| 2918 | } | 2917 | } |
| 2919 | 2918 | ||
| 2920 | root_inode = d_inode(sb->s_root); | ||
| 2921 | |||
| 2922 | return 0; | 2919 | return 0; |
| 2923 | } | 2920 | } |
| 2924 | 2921 | ||