On Thu, 2023-12-07 09:46:54 -0800, Paul Moore wrote:
>
> On Dec 6, 2023 Munehisa Kamata <kamatam@xxxxxxxxxx> wrote:
> >
> > Since commit d9250dea3f89 ("SELinux: add boundary support and thread
> > context assignment"), SELinux has been supporting assigning per-thread
> > security context under a constraint and the comment was updated
> > accordingly. However, seems like commit d84f4f992cbd ("CRED: Inaugurate
> > COW credentials") accidentally brought the old comment back that doesn't
> > match what the code does.
> >
> > Considering the ease of understanding the code, this patch just removes the
> > wrong comment.
> >
> > Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
> > Signed-off-by: Munehisa Kamata <kamatam@xxxxxxxxxx>
> > ---
> >
> > v1 -> v2: just remove the comment instead of bringing back the old one as suggested by Paul
> >
> > security/selinux/hooks.c | 1 -
> > 1 file changed, 1 deletion(-)
>
> Merged into selinux/dev, thanks!
Thank you, too :)
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 855589b64641..863ff67e7849 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -6459,7 +6459,6 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
> > if (sid == 0)
> > goto abort_change;
> >
> > - /* Only allow single threaded processes to change context */
> > if (!current_is_single_threaded()) {
> > error = security_bounded_transition(tsec->sid, sid);
> > if (error)
> > --
> > 2.40.1
>
> --
> paul-moore.com
>
