[PATCH] selinux: fix residual uses of current_security() for the SELinux blob
Paul Moore
paul at paul-moore.com
Wed Sep 4 22:50:12 UTC 2019
On Wed, Sep 4, 2019 at 10:32 AM Stephen Smalley <sds at tycho.nsa.gov> wrote:
> We need to use selinux_cred() to fetch the SELinux cred blob instead
> of directly using current->security or current_security(). There
> were a couple of lingering uses of current_security() in the SELinux code
> that were apparently missed during the earlier conversions. IIUC, this
> would only manifest as a bug if multiple security modules including
> SELinux are enabled and SELinux is not first in the lsm order. After
> this change, there appear to be no other users of current_security()
> in-tree; perhaps we should remove it altogether.
>
> Fixes: bbd3662a8348 ("Infrastructure management of the cred security blob")
> Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
> ---
> security/selinux/hooks.c | 2 +-
> security/selinux/include/objsec.h | 20 ++++++++++----------
> 2 files changed, 11 insertions(+), 11 deletions(-)
Thanks Stephen, and everyone who reviewed/commented on the patch.
This looks fine to me too, and while it is a little late, I think
there is value in getting this into the next merge window so I've gone
ahead and merged this into selinux/next.
As far as removing current_security is concerned, I also agree that
removing it is probably a good idea. Does anyone object if I merge a
follow-up patch via the SELinux tree (patch coming shortly)?
--
paul moore
www.paul-moore.com
More information about the Linux-security-module-archive
mailing list