On Mon, 25 Aug 2008, KaiGai Kohei wrote:
> @@ -5228,11 +5232,14 @@ static int selinux_setprocattr(struct task_struct *p,
> do_each_thread(g, t) {
> if (t->mm == mm && t != p) {
> read_unlock(&tasklist_lock);
> + if (!security_bounded_transition(tsec->sid, sid))
> + goto boundary_ok;
> return -EPERM;
Propagate the return value of security_bounded_transition().
Also, if the user/role bounds are not being used, should they be included
in this? From the kernel point of view, unused code should never be
added.
- James
--
James Morris
<jmorris@xxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
