Re: [PATCH] selinux: fix residual uses of current_security() for the SELinux blob

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 4, 2019 at 10:32 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> We need to use selinux_cred() to fetch the SELinux cred blob instead
> of directly using current->security or current_security().  There
> were a couple of lingering uses of current_security() in the SELinux code
> that were apparently missed during the earlier conversions. IIUC, this
> would only manifest as a bug if multiple security modules including
> SELinux are enabled and SELinux is not first in the lsm order. After
> this change, there appear to be no other users of current_security()
> in-tree; perhaps we should remove it altogether.
>
> Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob")
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
>  security/selinux/hooks.c          |  2 +-
>  security/selinux/include/objsec.h | 20 ++++++++++----------
>  2 files changed, 11 insertions(+), 11 deletions(-)

Thanks Stephen, and everyone who reviewed/commented on the patch.
This looks fine to me too, and while it is a little late, I think
there is value in getting this into the next merge window so I've gone
ahead and merged this into selinux/next.

As far as removing current_security is concerned, I also agree that
removing it is probably a good idea.  Does anyone object if I merge a
follow-up patch via the SELinux tree (patch coming shortly)?

-- 
paul moore
www.paul-moore.com



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux