[PATCH v6 2/5] Smack: Prepare for PTRACE_MODE_SCHED
Casey Schaufler
casey.schaufler at intel.com
Mon Nov 5 19:05:01 UTC 2018
From: Casey Schaufler <casey at schaufler-ca.com>
A ptrace access check with mode PTRACE_MODE_SCHED gets called
from process switching code. This precludes the use of audit,
as the locking is incompatible. Don't do audit in the PTRACE_MODE_SCHED
case.
Signed-off-by: Casey Schaufler <casey.schaufler at intel.com>
---
security/smack/smack_lsm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 340fc30ad85d..ffa95bcab599 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -422,7 +422,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
struct task_smack *tsp;
struct smack_known *tracer_known;
- if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
+ if ((mode & PTRACE_MODE_NOAUDIT) == 0 &&
+ (mode & PTRACE_MODE_SCHED) == 0) {
smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
smk_ad_setfield_u_tsk(&ad, tracer);
saip = &ad;
--
2.17.1
More information about the Linux-security-module-archive
mailing list