linux/security
Eric Paris 8a53514043 SELinux: always check SIGCHLD in selinux_task_wait
When checking if we can wait on a child we were looking at
p->exit_signal and trying to make the decision based on if the signal
would eventually be allowed.  One big flaw is that p->exit_signal is -1
for NPTL threads and so aignal_to_av was not actually checking SIGCHLD
which is what would have been sent.  Even is exit_signal was set to
something strange it wouldn't change the fact that the child was there
and needed to be waited on.  This patch just assumes wait is based on
SIGCHLD.  Specific permission checks are made when the child actually
attempts to send a signal.

This resolves the problem of things like using GDB on confined domains
such as in RH BZ 232371.  The confined domain did not have permission to
send a generic signal (exit_signal == -1) back to the unconfined GDB.
With this patch the GDB wait works and since the actual signal sent is
allowed everything functions as it should.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2007-10-23 08:47:48 +10:00
..
keys KEYS: Make request_key() and co fundamentally asynchronous 2007-10-17 08:42:57 -07:00
selinux SELinux: always check SIGCHLD in selinux_task_wait 2007-10-23 08:47:48 +10:00
capability.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
commoncap.c pid namespaces: define is_global_init() and is_container_init() 2007-10-19 11:53:37 -07:00
dummy.c V3 file capabilities: alter behavior of cap_setpcap 2007-10-18 14:37:24 -07:00
inode.c security/ cleanups 2007-10-17 08:43:07 -07:00
Kconfig Implement file posix capabilities 2007-10-17 08:43:07 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
root_plug.c security: Convert LSM into a static interface 2007-10-17 08:43:07 -07:00
security.c security/ cleanups 2007-10-17 08:43:07 -07:00