diff options
author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-27 05:53:42 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-27 20:32:37 -0400 |
commit | 28eba5bf9d4bf3ba4d58d985abf3a2903b7f2125 (patch) | |
tree | e825fc3fb6bdd81ae0aa146572406eb69bc5404b | |
parent | 76b67ed9dce69a6a329cdd66f94af1787f417b62 (diff) |
[PATCH] selinux: inherit /proc/self/attr/keycreate across fork
Update SELinux to cause the keycreate process attribute held in
/proc/self/attr/keycreate to be inherited across a fork and reset upon
execve. This is consistent with the handling of the other process
attributes provided by SELinux and also makes it simpler to adapt logon
programs to properly handle the keycreate attribute.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ac7f2b2e3924..28832e689800 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1532,8 +1532,9 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) | |||
1532 | /* Default to the current task SID. */ | 1532 | /* Default to the current task SID. */ |
1533 | bsec->sid = tsec->sid; | 1533 | bsec->sid = tsec->sid; |
1534 | 1534 | ||
1535 | /* Reset create and sockcreate SID on execve. */ | 1535 | /* Reset fs, key, and sock SIDs on execve. */ |
1536 | tsec->create_sid = 0; | 1536 | tsec->create_sid = 0; |
1537 | tsec->keycreate_sid = 0; | ||
1537 | tsec->sockcreate_sid = 0; | 1538 | tsec->sockcreate_sid = 0; |
1538 | 1539 | ||
1539 | if (tsec->exec_sid) { | 1540 | if (tsec->exec_sid) { |
@@ -2586,9 +2587,10 @@ static int selinux_task_alloc_security(struct task_struct *tsk) | |||
2586 | tsec2->osid = tsec1->osid; | 2587 | tsec2->osid = tsec1->osid; |
2587 | tsec2->sid = tsec1->sid; | 2588 | tsec2->sid = tsec1->sid; |
2588 | 2589 | ||
2589 | /* Retain the exec, create, and sock SIDs across fork */ | 2590 | /* Retain the exec, fs, key, and sock SIDs across fork */ |
2590 | tsec2->exec_sid = tsec1->exec_sid; | 2591 | tsec2->exec_sid = tsec1->exec_sid; |
2591 | tsec2->create_sid = tsec1->create_sid; | 2592 | tsec2->create_sid = tsec1->create_sid; |
2593 | tsec2->keycreate_sid = tsec1->keycreate_sid; | ||
2592 | tsec2->sockcreate_sid = tsec1->sockcreate_sid; | 2594 | tsec2->sockcreate_sid = tsec1->sockcreate_sid; |
2593 | 2595 | ||
2594 | /* Retain ptracer SID across fork, if any. | 2596 | /* Retain ptracer SID across fork, if any. |