asedeno.scripts.mit.edu Git - linux.git/commit

author	Stephen Smalley <sds@tycho.nsa.gov>
	Tue, 10 Jan 2017 17:28:32 +0000 (12:28 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Thu, 12 Jan 2017 16:10:57 +0000 (11:10 -0500)
commit	3a2f5a59a695a73e0cde9a61e0feae5fa730e936
tree	058704d18e909a2c0b46356c74d3c1156c2206aa	tree \| snapshot
parent	b4ba35c75a0671a06b978b6386b54148efddf39f	commit \| diff

security,selinux,smack: kill security_task_wait hook

As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful. Remove
the security hook and its implementations in SELinux and Smack. Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
kernel/exit.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history