The patch titled selinux: inherit /proc/self/attr/keycreate across fork has been added to the -mm tree. Its filename is selinux-inherit-proc-self-attr-keycreate-across-fork.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: selinux: inherit /proc/self/attr/keycreate across fork From: Michael LeMay <mdlemay@xxxxxxxxxxxxxx> Update SELinux to cause the keycreate process attribute held in /proc/self/attr/keycreate to be inherited across a fork and reset upon execve. This is consistent with the handling of the other process attributes provided by SELinux and also makes it simpler to adapt logon programs to properly handle the keycreate attribute. Signed-off-by: Michael LeMay <mdlemay@xxxxxxxxxxxxxx> Signed-off-by: David Howells <dhowells@xxxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Cc: James Morris <jmorris@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- security/selinux/hooks.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff -puN security/selinux/hooks.c~selinux-inherit-proc-self-attr-keycreate-across-fork security/selinux/hooks.c --- a/security/selinux/hooks.c~selinux-inherit-proc-self-attr-keycreate-across-fork +++ a/security/selinux/hooks.c @@ -1532,8 +1532,9 @@ static int selinux_bprm_set_security(str /* Default to the current task SID. */ bsec->sid = tsec->sid; - /* Reset create and sockcreate SID on execve. */ + /* Reset fs, key, and sock SIDs on execve. */ tsec->create_sid = 0; + tsec->keycreate_sid = 0; tsec->sockcreate_sid = 0; if (tsec->exec_sid) { 
@@ -2586,9 +2587,10 @@ static int selinux_task_alloc_security(s tsec2->osid = tsec1->osid; tsec2->sid = tsec1->sid; - /* Retain the exec, create, and sock SIDs across fork */ + /* Retain the exec, fs, key, and sock SIDs across fork */ tsec2->exec_sid = tsec1->exec_sid; tsec2->create_sid = tsec1->create_sid; + tsec2->keycreate_sid = tsec1->keycreate_sid; tsec2->sockcreate_sid = tsec1->sockcreate_sid; /* Retain ptracer SID across fork, if any. _ Patches currently in -mm which might be from mdlemay@xxxxxxxxxxxxxx are origin.patch keys-allocate-key-serial-numbers-randomly.patch keys-restrict-contents-of-proc-keys-to-viewable-keys.patch keys-add-a-way-to-store-the-appropriate-context-for-newly-created-keys.patch selinux-inherit-proc-self-attr-keycreate-across-fork.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
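Review bot: in the first hunk (selinux_bprm_set_security), tsec->keycreate_sid is zeroed on the live task before the exec is known to succeed, so an execve that fails after this hook leaves the caller with its keycreate attribute cleared; the existing tsec->create_sid = 0 and tsec->sockcreate_sid = 0 lines already behave this way, so the hunk is consistent with them, but if the reset is ever moved to the point where the new credentials are committed, keycreate_sid should move with it. The reset also sits before the `if (tsec->exec_sid)` block and therefore applies whether or not a domain transition happens, which is what the changelog describes.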
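Review bot: in the second hunk (selinux_task_alloc_security), the behaviour of /proc/self/attr/keycreate becomes user visible (a value written there now survives fork and, per the first hunk, is cleared on execve), yet the diffstat shows only security/selinux/hooks.c changing; the text describing the keycreate attribute added by keys-add-a-way-to-store-the-appropriate-context-for-newly-created-keys.patch should state the new fork/execve semantics as well. Minor style point: the new comments say "fs, key, and sock SIDs" while the fields are create_sid, keycreate_sid and sockcreate_sid; either name the fields in the comment or rename create_sid to match its siblings so the comment and code agree.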