On Dec 6, 2023 Munehisa Kamata <kamatam@xxxxxxxxxx> wrote:
>
> Since commit d9250dea3f89 ("SELinux: add boundary support and thread
> context assignment"), SELinux has been supporting assigning per-thread
> security context under a constraint and the comment was updated
> accordingly. However, seems like commit d84f4f992cbd ("CRED: Inaugurate
> COW credentials") accidentally brought the old comment back that doesn't
> match what the code does.
>
> Considering the ease of understanding the code, this patch just removes the
> wrong comment.
>
> Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
> Signed-off-by: Munehisa Kamata <kamatam@xxxxxxxxxx>
> ---
>
> v1 -> v2: just remove the comment instead of bringing back the old one as suggested by Paul
>
> security/selinux/hooks.c | 1 -
> 1 file changed, 1 deletion(-)
Merged into selinux/dev, thanks!
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 855589b64641..863ff67e7849 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6459,7 +6459,6 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
> if (sid == 0)
> goto abort_change;
>
> - /* Only allow single threaded processes to change context */
> if (!current_is_single_threaded()) {
> error = security_bounded_transition(tsec->sid, sid);
> if (error)
> --
> 2.40.1
--
paul-moore.com
