Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull smack updates from James Morris: "From Casey: three patches for Smack for 4.20. Two clean up warnings and one is a rarely encountered ptrace capability check" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Mark expected switch fall-through Smack: ptrace capability use fixes Smack: remove set but not used variable 'root_inode'
commit
e80bc22969
|
@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
|
||||||
struct smk_audit_info ad, *saip = NULL;
|
struct smk_audit_info ad, *saip = NULL;
|
||||||
struct task_smack *tsp;
|
struct task_smack *tsp;
|
||||||
struct smack_known *tracer_known;
|
struct smack_known *tracer_known;
|
||||||
|
const struct cred *tracercred;
|
||||||
|
|
||||||
if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
|
if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
|
||||||
smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
|
smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
|
||||||
|
@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
|
||||||
}
|
}
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
tsp = __task_cred(tracer)->security;
|
tracercred = __task_cred(tracer);
|
||||||
|
tsp = tracercred->security;
|
||||||
tracer_known = smk_of_task(tsp);
|
tracer_known = smk_of_task(tsp);
|
||||||
|
|
||||||
if ((mode & PTRACE_MODE_ATTACH) &&
|
if ((mode & PTRACE_MODE_ATTACH) &&
|
||||||
|
@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
|
||||||
rc = 0;
|
rc = 0;
|
||||||
else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
|
else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
|
||||||
rc = -EACCES;
|
rc = -EACCES;
|
||||||
else if (capable(CAP_SYS_PTRACE))
|
else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
|
||||||
rc = 0;
|
rc = 0;
|
||||||
else
|
else
|
||||||
rc = -EACCES;
|
rc = -EACCES;
|
||||||
|
@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
|
||||||
{
|
{
|
||||||
struct smack_known *skp;
|
struct smack_known *skp;
|
||||||
struct smack_known *tkp = smk_of_task(tsk->cred->security);
|
struct smack_known *tkp = smk_of_task(tsk->cred->security);
|
||||||
|
const struct cred *tcred;
|
||||||
struct file *file;
|
struct file *file;
|
||||||
int rc;
|
int rc;
|
||||||
struct smk_audit_info ad;
|
struct smk_audit_info ad;
|
||||||
|
@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
|
||||||
skp = file->f_security;
|
skp = file->f_security;
|
||||||
rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
|
rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
|
||||||
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
|
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
|
||||||
if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
|
|
||||||
|
rcu_read_lock();
|
||||||
|
tcred = __task_cred(tsk);
|
||||||
|
if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
|
||||||
rc = 0;
|
rc = 0;
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
|
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
|
||||||
smk_ad_setfield_u_tsk(&ad, tsk);
|
smk_ad_setfield_u_tsk(&ad, tsk);
|
||||||
|
@ -3467,7 +3474,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
||||||
*/
|
*/
|
||||||
final = &smack_known_star;
|
final = &smack_known_star;
|
||||||
/*
|
/*
|
||||||
* No break.
|
* Fall through.
|
||||||
*
|
*
|
||||||
* If a smack value has been set we want to use it,
|
* If a smack value has been set we want to use it,
|
||||||
* but since tmpfs isn't giving us the opportunity
|
* but since tmpfs isn't giving us the opportunity
|
||||||
|
|
|
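Review bot: In smack_file_send_sigiotask, `tkp` is still initialised in its declaration from `tsk->cred->security`, outside the new rcu_read_lock() section, while the CAP_MAC_OVERRIDE check now reads the credentials through `__task_cred(tsk)`. The label passed to smk_access() and the cred used for the override decision can therefore come from two separate reads of the task's credentials, and the first read appears to happen without RCU protection. Consider taking the lock before the access check and deriving both from one pointer, `tcred = __task_cred(tsk);` followed by `tkp = smk_of_task(tcred->security);`. In smk_ptrace_rule_check the matching rcu_read_unlock() is outside the visible hunks, so it is worth confirming that `tracercred` is never used after it. Both function bodies start and end outside the hunks shown.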
@ -2853,7 +2853,6 @@ static const struct file_operations smk_ptrace_ops = {
|
||||||
static int smk_fill_super(struct super_block *sb, void *data, int silent)
|
static int smk_fill_super(struct super_block *sb, void *data, int silent)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
struct inode *root_inode;
|
|
||||||
|
|
||||||
static const struct tree_descr smack_files[] = {
|
static const struct tree_descr smack_files[] = {
|
||||||
[SMK_LOAD] = {
|
[SMK_LOAD] = {
|
||||||
|
@ -2917,8 +2916,6 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
root_inode = d_inode(sb->s_root);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|