authorMichael LeMay <mdlemay@epoch.ncsc.mil>2006-06-27 05:53:42 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-27 20:32:37 -0400
commit28eba5bf9d4bf3ba4d58d985abf3a2903b7f2125 (patch)
treee825fc3fb6bdd81ae0aa146572406eb69bc5404b
parent76b67ed9dce69a6a329cdd66f94af1787f417b62 (diff)
[PATCH] selinux: inherit /proc/self/attr/keycreate across fork
Update SELinux to cause the keycreate process attribute held in /proc/self/attr/keycreate to be inherited across a fork and reset upon execve. This is consistent with the handling of the other process attributes provided by SELinux and also makes it simpler to adapt logon programs to properly handle the keycreate attribute. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c6
1 files changed, 4 insertions, 2 deletions
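diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ac7f2b2e3924..28832e689800 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1532,8 +1532,9 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
 /* Default to the current task SID. */
 bsec->sid = tsec->sid;
 
-/* Reset create and sockcreate SID on execve. */
+/* Reset fs, key, and sock SIDs on execve. */
 tsec->create_sid = 0;
+tsec->keycreate_sid = 0;
 tsec->sockcreate_sid = 0;
 
 if (tsec->exec_sid) {
@@ -2586,9 +2587,10 @@ static int selinux_task_alloc_security(struct task_struct *tsk)
 tsec2->osid = tsec1->osid;
 tsec2->sid = tsec1->sid;
 
-/* Retain the exec, create, and sock SIDs across fork */
+/* Retain the exec, fs, key, and sock SIDs across fork */
 tsec2->exec_sid = tsec1->exec_sid;
 tsec2->create_sid = tsec1->create_sid;
+tsec2->keycreate_sid = tsec1->keycreate_sid;
 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
 
 /* Retain ptracer SID across fork, if any.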
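Review bot: In the first hunk, `tsec->keycreate_sid = 0;` is cleared inside selinux_bprm_set_security on what appears to be the calling task's own security struct (tsec is assigned outside the hunk), so the reset would take effect while the exec is being prepared rather than once it has succeeded. If that reading is right, a task whose execve fails afterwards keeps running with keycreate cleared, and keys it then creates get the default label instead of the one it had set. The neighbouring create_sid and sockcreate_sid resets behave the same way, so the new line is consistent, but the behaviour deserves a comment such as `/* Cleared when the exec is prepared, not when it commits; re-set after a failed execve. */`. Both updated comments also say "fs" for a field named create_sid; `/* Reset fscreate, keycreate, and sockcreate SIDs on execve. */` would match the /proc/self/attr names the commit message uses.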