On 01/10, Stephen Smalley wrote: > > As reported by yangshukui, a permission denial from security_task_wait() > can lead to a soft lockup in zap_pid_ns_processes() since it only expects > sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can > in general lead to zombies; in the absence of some way to automatically > reparent a child process upon a denial, the hook is not useful. Remove > the security hook and its implementations in SELinux and Smack. Smack > already removed its check from its hook. > > Reported-by: yangshukui <yangshukui@xxxxxxxxxx> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Great ;) Acked-by: Oleg Nesterov <oleg@xxxxxxxxxx> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
