Commit 28eba5bf authored by Michael LeMay, committed by Linus Torvalds

[PATCH] selinux: inherit /proc/self/attr/keycreate across fork

Update SELinux to cause the keycreate process attribute held in
/proc/self/attr/keycreate to be inherited across a fork and reset upon
execve.  This is consistent with the handling of the other process
attributes provided by SELinux and also makes it simpler to adapt logon
programs to properly handle the keycreate attribute.

Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 76b67ed9
...@@ -1532,8 +1532,9 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) ...@@ -1532,8 +1532,9 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
/* Default to the current task SID. */ /* Default to the current task SID. */
bsec->sid = tsec->sid; bsec->sid = tsec->sid;
/* Reset create and sockcreate SID on execve. */ /* Reset fs, key, and sock SIDs on execve. */
tsec->create_sid = 0; tsec->create_sid = 0;
tsec->keycreate_sid = 0;
tsec->sockcreate_sid = 0; tsec->sockcreate_sid = 0;
if (tsec->exec_sid) { if (tsec->exec_sid) {
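Review bot: the new `tsec->keycreate_sid = 0;` in selinux_bprm_set_security sits before the `if (tsec->exec_sid)` check, so it clears the key creation label on every execve whether or not an exec SID was set, and that user-visible change to /proc/self/attr/keycreate is documented only in the commit message. A program that writes keycreate and then execs a helper to create the key will now get the default key label in the helper. Please state the reset-on-execve rule wherever the keycreate attribute is documented, so that logon programs know to write the attribute in the process that actually creates the key. The rewritten comment also says "fs" for a field named create_sid; "fscreate, keycreate, and sockcreate SIDs" would match the field names.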
...@@ -2586,9 +2587,10 @@ static int selinux_task_alloc_security(struct task_struct *tsk) ...@@ -2586,9 +2587,10 @@ static int selinux_task_alloc_security(struct task_struct *tsk)
tsec2->osid = tsec1->osid; tsec2->osid = tsec1->osid;
tsec2->sid = tsec1->sid; tsec2->sid = tsec1->sid;
/* Retain the exec, create, and sock SIDs across fork */ /* Retain the exec, fs, key, and sock SIDs across fork */
tsec2->exec_sid = tsec1->exec_sid; tsec2->exec_sid = tsec1->exec_sid;
tsec2->create_sid = tsec1->create_sid; tsec2->create_sid = tsec1->create_sid;
tsec2->keycreate_sid = tsec1->keycreate_sid;
tsec2->sockcreate_sid = tsec1->sockcreate_sid; tsec2->sockcreate_sid = tsec1->sockcreate_sid;
/* Retain ptracer SID across fork, if any. /* Retain ptracer SID across fork, if any.
......
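Review bot: copying `tsec1->keycreate_sid` into `tsec2` in selinux_task_alloc_security means a child that never calls execve keeps creating keys with the parent's label, which deserves a sentence of documentation next to the attribute. A daemon that sets keycreate once and then forks workers will have every worker inherit that label until it is explicitly cleared, so callers should reset the attribute once the intended key has been created. On style, the updated comment abbreviates the fields as "fs, key, and sock" while the assignments below it use create_sid, keycreate_sid and sockcreate_sid; spelling the names out in the comment keeps it searchable.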