[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1226072290.16320.60.camel@moss-spartans.epoch.ncsc.mil>
Date: Fri, 07 Nov 2008 10:38:10 -0500
From: Stephen Smalley <sds@...ho.nsa.gov>
To: Eric Paris <eparis@...hat.com>
Cc: linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov,
linux-security-module@...r.kernel.org, jmorris@...eil.org,
serue@...ibm.com, morgan@...nel.org, casey@...aufler-ca.com,
esandeen@...hat.com
Subject: Re: [PATCH -v3 4/4] SELinux: use new cap_noaudit interface
On Fri, 2008-11-07 at 10:23 -0500, Eric Paris wrote:
> Currently SELinux jumps through some ugly hoops to not audit a capbility
> check when determining if a process has additional powers to override
> memory limits or when trying to read/write illegal file labels. Use
> the new noaudit call instead.
>
> Signed-off-by: Eric Paris <eparis@...hat.com>
Acked-by: Stephen Smalley <sds@...ho.nsa.gov>
> ---
>
> security/selinux/hooks.c | 19 ++-----------------
> 1 files changed, 2 insertions(+), 17 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 0d4ee8c..d3fd051 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1978,16 +1978,8 @@ static int selinux_syslog(int type)
> static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
> {
> int rc, cap_sys_admin = 0;
> - struct task_security_struct *tsec = current->security;
> -
> - rc = secondary_ops->capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT);
> - if (rc == 0)
> - rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
> - SECCLASS_CAPABILITY,
> - CAP_TO_MASK(CAP_SYS_ADMIN),
> - 0,
> - NULL);
>
> + rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT);
> if (rc == 0)
> cap_sys_admin = 1;
>
> @@ -2812,7 +2804,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
> u32 size;
> int error;
> char *context = NULL;
> - struct task_security_struct *tsec = current->security;
> struct inode_security_struct *isec = inode->i_security;
>
> if (strcmp(name, XATTR_SELINUX_SUFFIX))
> @@ -2827,13 +2818,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
> * and lack of permission just means that we fall back to the
> * in-core context value, not a denial.
> */
> - error = secondary_ops->capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);
> - if (!error)
> - error = avc_has_perm_noaudit(tsec->sid, tsec->sid,
> - SECCLASS_CAPABILITY2,
> - CAPABILITY2__MAC_ADMIN,
> - 0,
> - NULL);
> + error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);
> if (!error)
> error = security_sid_to_context_force(isec->sid, &context,
> &size);
--
Stephen Smalley
National Security Agency
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists