diff options
| author | Eric Paris <eparis@redhat.com> | 2008-11-11 06:02:57 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-11 06:02:57 -0500 |
| commit | 066746796bd2f0a1ba210c0dded3b6ee4032692a (patch) | |
| tree | 868832ca0e199e4f173e23375cffb5fc3870402c /security | |
| parent | a2f2945a99057c7d44043465906c6bb63c3368a0 (diff) | |
Currently SELinux jumps through some ugly hoops to not audit a capbility
check when determining if a process has additional powers to override
memory limits or when trying to read/write illegal file labels. Use
the new noaudit call instead.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 88a3ee33068a..378dc53c08e8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1979,16 +1979,8 @@ static int selinux_syslog(int type) | |||
| 1979 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | 1979 | static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) |
| 1980 | { | 1980 | { |
| 1981 | int rc, cap_sys_admin = 0; | 1981 | int rc, cap_sys_admin = 0; |
| 1982 | struct task_security_struct *tsec = current->security; | ||
| 1983 | |||
| 1984 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | ||
| 1985 | if (rc == 0) | ||
| 1986 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
| 1987 | SECCLASS_CAPABILITY, | ||
| 1988 | CAP_TO_MASK(CAP_SYS_ADMIN), | ||
| 1989 | 0, | ||
| 1990 | NULL); | ||
| 1991 | 1982 | ||
| 1983 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | ||
| 1992 | if (rc == 0) | 1984 | if (rc == 0) |
| 1993 | cap_sys_admin = 1; | 1985 | cap_sys_admin = 1; |
| 1994 | 1986 | ||
| @@ -2820,7 +2812,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
| 2820 | u32 size; | 2812 | u32 size; |
| 2821 | int error; | 2813 | int error; |
| 2822 | char *context = NULL; | 2814 | char *context = NULL; |
| 2823 | struct task_security_struct *tsec = current->security; | ||
| 2824 | struct inode_security_struct *isec = inode->i_security; | 2815 | struct inode_security_struct *isec = inode->i_security; |
| 2825 | 2816 | ||
| 2826 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2817 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
| @@ -2835,13 +2826,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
| 2835 | * and lack of permission just means that we fall back to the | 2826 | * and lack of permission just means that we fall back to the |
| 2836 | * in-core context value, not a denial. | 2827 | * in-core context value, not a denial. |
| 2837 | */ | 2828 | */ |
| 2838 | error = secondary_ops->capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); | 2829 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
| 2839 | if (!error) | ||
| 2840 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
| 2841 | SECCLASS_CAPABILITY2, | ||
| 2842 | CAPABILITY2__MAC_ADMIN, | ||
| 2843 | 0, | ||
| 2844 | NULL); | ||
| 2845 | if (!error) | 2830 | if (!error) |
| 2846 | error = security_sid_to_context_force(isec->sid, &context, | 2831 | error = security_sid_to_context_force(isec->sid, &context, |
| 2847 | &size); | 2832 | &size); |