leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1f8266ff58
linux/security
History
Jann Horn 1f8266ff58 apparmor: don't try to replace stale label in ptrace access check 
As a comment above begin_current_label_crit_section() explains,
begin_current_label_crit_section() must run in sleepable context because
when label_is_stale() is true, aa_replace_current_label() runs, which uses
prepare_creds(), which can sleep.
Until now, the ptrace access check (which runs with a task lock held)
violated this rule.

Also add a might_sleep() assertion to begin_current_label_crit_section(),
because asserts are less likely to be ignored than comments.

Fixes: b2d09ae449 ("apparmor: move ptrace checks to using labels")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2018-09-13 09:44:56 -07:00
..
apparmor apparmor: don't try to replace stale label in ptrace access check 2018-09-13 09:44:56 -07:00
integrity Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-06-07 15:40:37 -07:00
keys dh key: fix rounding up KDF output length 2018-06-26 09:43:05 -07:00
loadpin get rid of pointless includes of fs_struct.h 2018-02-22 14:28:50 -05:00
selinux selinux/stable-4.18 PR 20180629 2018-06-30 11:15:12 -07:00
smack Smack: Mark inode instant in smack_task_to_inode 2018-06-23 10:45:56 +09:00
tomoyo net: make getname() functions return length rather than use int* parameter 2018-02-12 14:15:04 -05:00
yama pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
commoncap.c capabilities: Allow privileged user in s_user_ns to set security.* xattrs 2018-05-24 12:03:31 -05:00
device_cgroup.c docs: fix broken references with multiple hints 2018-06-15 18:10:01 -03:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
lsm_audit.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: add hook for socketpair() 2018-05-04 12:48:54 -07:00