Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 22 |
1 files changed, 9 insertions, 13 deletions
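--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -75,6 +75,7 @@
 #include <linux/string.h>
 #include <linux/selinux.h>
 #include <linux/mutex.h>
+#include <linux/posix-timers.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -325,7 +326,7 @@ enum {
 Opt_rootcontext = 4,
 };
 
-static match_table_t tokens = {
+static const match_table_t tokens = {
 {Opt_context, CONTEXT_STR "%s"},
 {Opt_fscontext, FSCONTEXT_STR "%s"},
 {Opt_defcontext, DEFCONTEXT_STR "%s"},
@@ -2123,26 +2124,27 @@ static inline void flush_unauthorized_files(struct files_struct *files)
 long j = -1;
 int drop_tty = 0;
 
-mutex_lock(&tty_mutex);
 tty = get_current_tty();
 if (tty) {
 file_list_lock();
-file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
-if (file) {
+if (!list_empty(&tty->tty_files)) {
+struct inode *inode;
+
 /* Revalidate access to controlling tty.
 Use inode_has_perm on the tty inode directly rather
 than using file_has_perm, as this particular open
 file may belong to another process and we are only
 interested in the inode-based check here. */
-struct inode *inode = file->f_path.dentry->d_inode;
+file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+inode = file->f_path.dentry->d_inode;
 if (inode_has_perm(current, inode,
 FILE__READ | FILE__WRITE, NULL)) {
 drop_tty = 1;
 }
 }
 file_list_unlock();
+tty_kref_put(tty);
 }
-mutex_unlock(&tty_mutex);
 /* Reset controlling tty. */
 if (drop_tty)
 no_tty();
@@ -2326,13 +2328,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
 initrlim = init_task.signal->rlim+i;
 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
 }
-if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
-/*
-* This will cause RLIMIT_CPU calculations
-* to be refigured.
-*/
-current->it_prof_expires = jiffies_to_cputime(1);
-}
+update_rlimit_cpu(rlim->rlim_cur);
 }
 
 /* Wake up the parent if it is waiting so that it can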
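Review bot: In the last hunk, `update_rlimit_cpu(rlim->rlim_cur)` reads `rlim` after the closing brace of what looks like the per-limit loop (see the `init_task.signal->rlim+i` line above it), so it would pass whichever limit the loop touched last rather than RLIMIT_CPU. The removed code indexed `current->signal->rlim[RLIMIT_CPU]` explicitly, and the new call should do the same: `update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);`. As written, the CPU-time limit would be refreshed from an unrelated limit's value after the soft limits are clamped, so RLIMIT_CPU enforcement for the new context could be wrong. The loop header and the start of selinux_bprm_post_apply_creds are outside the hunk, so how `rlim` is assigned should be confirmed against the full function.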