Re: kernel BUG at kernel/cred.c:434!

From: Casey Schaufler
Date: Wed Apr 17 2019 - 11:40:01 EST

Next message: Paul Kocialkowski: "Re: [PATCH v4] media: docs-rst: Document m2m stateless video decoder interface"
Previous message: Michal Hocko: "Re: [v2 RFC PATCH 0/9] Another Approach to Use PMEM as NUMA Node"
In reply to: Oleg Nesterov: "Re: kernel BUG at kernel/cred.c:434!"
Next in thread: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/17/2019 7:57 AM, Oleg Nesterov wrote:

On 04/17, Paul Moore wrote:

I'm tempted to simply return an error in selinux_setprocattr() if
the task's credentials are not the same as its real_cred;

What about other modules? I have no idea what smack_setprocattr() is,
but it too does prepare_creds/commit creds.

For what it's worth, my test for Smack does not reproduce
the problem.

it seems that the simplest workaround should simply add the additional
cred == real_cred into proc_pid_attr_write().

Oleg.

Next message: Paul Kocialkowski: "Re: [PATCH v4] media: docs-rst: Document m2m stateless video decoder interface"
Previous message: Michal Hocko: "Re: [v2 RFC PATCH 0/9] Another Approach to Use PMEM as NUMA Node"
In reply to: Oleg Nesterov: "Re: kernel BUG at kernel/cred.c:434!"
Next in thread: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]