Stephen Smalley 24b3505679 security,selinux,smack: kill security_task_wait hook ...

commit 3a2f5a59a6 upstream.

As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-06-13 14:13:18 +09:00

..

Kconfig

Smack: Signal delivery as an append operation

2016-09-08 13:22:56 -07:00

Makefile

Smack: Repair netfilter dependency

2015-01-23 10:08:19 -08:00

smack_access.c

Smack: Fix wrong semantics in smk_access_entry()

2023-05-16 11:45:32 +09:00

smack_lsm.c

security,selinux,smack: kill security_task_wait hook

2023-06-13 14:13:18 +09:00

smack_netfilter.c

security: Use IS_ENABLED() instead of checking for built-in or module

2016-08-08 13:08:25 -04:00

smack.h

Smack: Signal delivery as an append operation

2016-09-08 13:22:56 -07:00

smackfs.c

smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi

2023-05-16 12:14:56 +09:00