diff options
| author | Eric Paris | 2012-01-03 11:25:14 -0600 |
|---|---|---|
| committer | Eric Paris | 2012-01-05 17:52:53 -0600 |
| commit | 6a9de49115d5ff9871d953af1a5c8249e1585731 (patch) | |
| tree | eee3700ccc2ce26c566bfe99129e646fac9f983e /security/security.c | |
| parent | 2653812e14f4e16688ec8247d7fd290bdbbc4747 (diff) | |
| download | kernel-common-6a9de49115d5ff9871d953af1a5c8249e1585731.tar.gz kernel-common-6a9de49115d5ff9871d953af1a5c8249e1585731.tar.xz kernel-common-6a9de49115d5ff9871d953af1a5c8249e1585731.zip | |
capabilities: remove the task from capable LSM hook entirely
The capabilities framework is based around credentials, not necessarily the
current task. Yet we still passed the current task down into LSMs from the
security_capable() LSM hook as if it was a meaningful portion of the security
decision. This patch removes the 'generic' passing of current and instead
forces individual LSMs to use current explicitly if they think it is
appropriate. In our case those LSMs are SELinux and AppArmor.
I believe the AppArmor use of current is incorrect, but that is wholely
unrelated to this patch. This patch does not change what AppArmor does, it
just makes it clear in the AppArmor code that it is doing it.
The SELinux code still uses current in it's audit message, which may also be
wrong and needs further investigation. Again this is NOT a change, it may
have always been wrong, this patch just makes it clear what is happening.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/security/security.c b/security/security.c index d9e15339092..9ae68c64455 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -157,8 +157,7 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 157 | int security_capable(struct user_namespace *ns, const struct cred *cred, | 157 | int security_capable(struct user_namespace *ns, const struct cred *cred, |
| 158 | int cap) | 158 | int cap) |
| 159 | { | 159 | { |
| 160 | return security_ops->capable(current, cred, ns, cap, | 160 | return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); |
| 161 | SECURITY_CAP_AUDIT); | ||
| 162 | } | 161 | } |
| 163 | 162 | ||
| 164 | int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, | 163 | int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, |
| @@ -168,7 +167,7 @@ int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, | |||
| 168 | int ret; | 167 | int ret; |
| 169 | 168 | ||
| 170 | cred = get_task_cred(tsk); | 169 | cred = get_task_cred(tsk); |
| 171 | ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT); | 170 | ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); |
| 172 | put_cred(cred); | 171 | put_cred(cred); |
| 173 | return ret; | 172 | return ret; |
| 174 | } | 173 | } |
| @@ -180,7 +179,7 @@ int security_real_capable_noaudit(struct task_struct *tsk, | |||
| 180 | int ret; | 179 | int ret; |
| 181 | 180 | ||
| 182 | cred = get_task_cred(tsk); | 181 | cred = get_task_cred(tsk); |
| 183 | ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT); | 182 | ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); |
| 184 | put_cred(cred); | 183 | put_cred(cred); |
| 185 | return ret; | 184 | return ret; |
| 186 | } | 185 | } |