aboutsummaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 12:25:14 -0500
committerEric Paris <eparis@redhat.com>2012-01-05 18:52:53 -0500
commit6a9de49115d5ff9871d953af1a5c8249e1585731 (patch)
treeeee3700ccc2ce26c566bfe99129e646fac9f983e /security/security.c
parent2653812e14f4e16688ec8247d7fd290bdbbc4747 (diff)
capabilities: remove the task from capable LSM hook entirely
The capabilities framework is based around credentials, not necessarily the current task. Yet we still passed the current task down into LSMs from the security_capable() LSM hook as if it was a meaningful portion of the security decision. This patch removes the 'generic' passing of current and instead forces individual LSMs to use current explicitly if they think it is appropriate. In our case those LSMs are SELinux and AppArmor. I believe the AppArmor use of current is incorrect, but that is wholely unrelated to this patch. This patch does not change what AppArmor does, it just makes it clear in the AppArmor code that it is doing it. The SELinux code still uses current in it's audit message, which may also be wrong and needs further investigation. Again this is NOT a change, it may have always been wrong, this patch just makes it clear what is happening. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/security/security.c b/security/security.c
index d9e153390926..9ae68c64455e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -157,8 +157,7 @@ int security_capset(struct cred *new, const struct cred *old,
157int security_capable(struct user_namespace *ns, const struct cred *cred, 157int security_capable(struct user_namespace *ns, const struct cred *cred,
158 int cap) 158 int cap)
159{ 159{
160 return security_ops->capable(current, cred, ns, cap, 160 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
161 SECURITY_CAP_AUDIT);
162} 161}
163 162
164int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, 163int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
@@ -168,7 +167,7 @@ int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
168 int ret; 167 int ret;
169 168
170 cred = get_task_cred(tsk); 169 cred = get_task_cred(tsk);
171 ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT); 170 ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
172 put_cred(cred); 171 put_cred(cred);
173 return ret; 172 return ret;
174} 173}
@@ -180,7 +179,7 @@ int security_real_capable_noaudit(struct task_struct *tsk,
180 int ret; 179 int ret;
181 180
182 cred = get_task_cred(tsk); 181 cred = get_task_cred(tsk);
183 ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT); 182 ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
184 put_cred(cred); 183 put_cred(cred);
185 return ret; 184 return ret;
186} 185}