Re: [PATCH 1/3] SECURITY: Move exec_permission RCU checks intosecurity modules
From: Christoph Hellwig
Date: Fri Apr 22 2011 - 00:35:21 EST
On Thu, Apr 21, 2011 at 05:23:19PM -0700, Andi Kleen wrote:
> From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
>
> Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
> is enabled, even though just the standard capability module is active.
> This is because security_inode_exec_permission unconditionally fails
> RCU walks.
>
> Move this decision to the low level security module. This requires
> passing the RCU flags down the security hook. This way at least
> the capability module and a few easy cases in selinux/smack work
> with RCU walks with CONFIG_SECURITY=y
>
> Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> ---
> include/linux/security.h | 2 +-
> security/capability.c | 2 +-
> security/security.c | 6 ++----
> security/selinux/hooks.c | 6 +++++-
> security/smack/smack_lsm.c | 6 +++++-
> 5 files changed, 14 insertions(+), 8 deletions(-)
This seems to miss the hunk in fs/namei.c where the LSM hook is called.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/