git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Stephen Smalley <sds@tycho.nsa.gov>
	Mon, 9 Jan 2017 15:07:31 +0000 (10:07 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 9 Jan 2017 15:07:31 +0000 (10:07 -0500)
commit	b21507e272627c434e8dd74e8d51fd8245281b59
tree	3c8453724f6429e2bae5cd3cc9266104c2e6feea	tree \| snapshot
parent	be0554c9bf9f7cc96f5205df8f8bd3573b74320e	commit \| diff

proc,security: move restriction on writing /proc/pid/attr nodes to proc

Processes can only alter their own security attributes via
/proc/pid/attr nodes. This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

fs/proc/base.c		diff \| blob \| blame \| history
include/linux/lsm_hooks.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
security/apparmor/lsm.c		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history
security/selinux/hooks.c		diff \| blob \| blame \| history
security/smack/smack_lsm.c		diff \| blob \| blame \| history