security,selinux,smack: kill security_task_wait hook - linux

diff options

author	Stephen Smalley <sds@tycho.nsa.gov>	2017-01-10 18:28:32 +0100
committer	Paul Moore <paul@paul-moore.com>	2017-01-12 17:10:57 +0100
commit	3a2f5a59a695a73e0cde9a61e0feae5fa730e936 (patch)
tree	058704d18e909a2c0b46356c74d3c1156c2206aa /firmware/emi62
parent	selinux: drop unused socket security classes (diff)
download	linux-3a2f5a59a695a73e0cde9a61e0feae5fa730e936.tar.xz linux-3a2f5a59a695a73e0cde9a61e0feae5fa730e936.zip

security,selinux,smack: kill security_task_wait hook

As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook. Reported-by: yangshukui <yangshukui@huawei.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'firmware/emi62')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: