Commit 5334d6a1 authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Linus Torvalds

[PATCH] SELinux: retain ptracer SID across fork

This fixes a bug in SELinux to retain the ptracer SID (if any) across fork.
Otherwise, SELinux will always deny attempts by traced children to exec
domain-changing programs even if the policy would have allowed the tracer
to trace the new domains as well.
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent b9877c90
...@@ -2625,6 +2625,11 @@ static int selinux_task_alloc_security(struct task_struct *tsk) ...@@ -2625,6 +2625,11 @@ static int selinux_task_alloc_security(struct task_struct *tsk)
tsec2->exec_sid = tsec1->exec_sid; tsec2->exec_sid = tsec1->exec_sid;
tsec2->create_sid = tsec1->create_sid; tsec2->create_sid = tsec1->create_sid;
/* Retain ptracer SID across fork, if any.
This will be reset by the ptrace hook upon any
subsequent ptrace_attach operations. */
tsec2->ptrace_sid = tsec1->ptrace_sid;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment