diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2fcad7c33eaf..15c2a08a66f1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1980,10 +1980,6 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
| 1980 | u32 tsid, sid; | 1980 | u32 tsid, sid; |
| 1981 | int rc; | 1981 | int rc; |
| 1982 | 1982 | ||
| 1983 | rc = secondary_ops->sysctl(table, op); | ||
| 1984 | if (rc) | ||
| 1985 | return rc; | ||
| 1986 | |||
| 1987 | sid = current_sid(); | 1983 | sid = current_sid(); |
| 1988 | 1984 | ||
| 1989 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? | 1985 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? |
| @@ -2375,10 +2371,8 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) | |||
| 2375 | { | 2371 | { |
| 2376 | const struct task_security_struct *tsec = current_security(); | 2372 | const struct task_security_struct *tsec = current_security(); |
| 2377 | struct itimerval itimer; | 2373 | struct itimerval itimer; |
| 2378 | struct sighand_struct *psig; | ||
| 2379 | u32 osid, sid; | 2374 | u32 osid, sid; |
| 2380 | int rc, i; | 2375 | int rc, i; |
| 2381 | unsigned long flags; | ||
| 2382 | 2376 | ||
| 2383 | osid = tsec->osid; | 2377 | osid = tsec->osid; |
| 2384 | sid = tsec->sid; | 2378 | sid = tsec->sid; |
| @@ -2398,22 +2392,20 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) | |||
| 2398 | memset(&itimer, 0, sizeof itimer); | 2392 | memset(&itimer, 0, sizeof itimer); |
| 2399 | for (i = 0; i < 3; i++) | 2393 | for (i = 0; i < 3; i++) |
| 2400 | do_setitimer(i, &itimer, NULL); | 2394 | do_setitimer(i, &itimer, NULL); |
| 2401 | flush_signals(current); | ||
| 2402 | spin_lock_irq(¤t->sighand->siglock); | 2395 | spin_lock_irq(¤t->sighand->siglock); |
| 2403 | flush_signal_handlers(current, 1); | 2396 | if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { |
| 2404 | sigemptyset(¤t->blocked); | 2397 | __flush_signals(current); |
| 2405 | recalc_sigpending(); | 2398 | flush_signal_handlers(current, 1); |
| 2399 | sigemptyset(¤t->blocked); | ||
| 2400 | } | ||
| 2406 | spin_unlock_irq(¤t->sighand->siglock); | 2401 | spin_unlock_irq(¤t->sighand->siglock); |
| 2407 | } | 2402 | } |
| 2408 | 2403 | ||
| 2409 | /* Wake up the parent if it is waiting so that it can recheck | 2404 | /* Wake up the parent if it is waiting so that it can recheck |
| 2410 | * wait permission to the new task SID. */ | 2405 | * wait permission to the new task SID. */ |
| 2411 | read_lock_irq(&tasklist_lock); | 2406 | read_lock(&tasklist_lock); |
| 2412 | psig = current->parent->sighand; | 2407 | wake_up_interruptible(¤t->real_parent->signal->wait_chldexit); |
| 2413 | spin_lock_irqsave(&psig->siglock, flags); | 2408 | read_unlock(&tasklist_lock); |
| 2414 | wake_up_interruptible(¤t->parent->signal->wait_chldexit); | ||
| 2415 | spin_unlock_irqrestore(&psig->siglock, flags); | ||
| 2416 | read_unlock_irq(&tasklist_lock); | ||
| 2417 | } | 2409 | } |
| 2418 | 2410 | ||
| 2419 | /* superblock security operations */ | 2411 | /* superblock security operations */ |
| @@ -4503,7 +4495,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
| 4503 | * when the packet is on it's final way out. | 4495 | * when the packet is on it's final way out. |
| 4504 | * NOTE: there appear to be some IPv6 multicast cases where skb->dst | 4496 | * NOTE: there appear to be some IPv6 multicast cases where skb->dst |
| 4505 | * is NULL, in this case go ahead and apply access control. */ | 4497 | * is NULL, in this case go ahead and apply access control. */ |
| 4506 | if (skb->dst != NULL && skb->dst->xfrm != NULL) | 4498 | if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL) |
| 4507 | return NF_ACCEPT; | 4499 | return NF_ACCEPT; |
| 4508 | #endif | 4500 | #endif |
| 4509 | secmark_active = selinux_secmark_enabled(); | 4501 | secmark_active = selinux_secmark_enabled(); |