Diffstat (limited to 'security')
-rw-r--r--security/device_cgroup.c3
-rw-r--r--security/keys/process_keys.c1
-rw-r--r--security/selinux/avc.c12
-rw-r--r--security/selinux/ss/services.c3
4 files changed, 6 insertions, 13 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 8d9c48f13774..cd1f779fa51d 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -62,8 +62,7 @@ static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
struct cgroup_subsys devices_subsys;
static int devcgroup_can_attach(struct cgroup_subsys *ss,
- struct cgroup *new_cgroup, struct task_struct *task,
- bool threadgroup)
+ struct cgroup *new_cgroup, struct task_struct *task)
{
if (current != task && !capable(CAP_SYS_ADMIN))
return -EPERM;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 6c0480db8885..a3063eb3dc23 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
new-> sgid = old-> sgid;
new->fsgid = old->fsgid;
new->user = get_uid(old->user);
+ new->user_ns = new->user->user_ns;
new->group_info = get_group_info(old->group_info);
new->securebits = old->securebits;
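Review bot: The added `new->user_ns = new->user->user_ns;` stores a pointer without taking a reference of its own, and nothing on the line says why that is safe. It looks as though the namespace is kept alive by the reference that `get_uid(old->user)` takes on the line before, but that is not visible in this hunk and should be confirmed. I would add a comment above the assignment such as `/* user_ns is borrowed from new->user; the get_uid() reference above keeps it alive */`. key_replace_session_keyring() starts and ends outside the hunk.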
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index fcb89cb0f223..d515b2128a4e 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -752,10 +752,9 @@ int avc_ss_reset(u32 seqno)
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
u16 tclass, u32 requested,
unsigned flags,
- struct av_decision *in_avd)
+ struct av_decision *avd)
{
struct avc_node *node;
- struct av_decision avd_entry, *avd;
int rc = 0;
u32 denied;
@@ -766,18 +765,11 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
node = avc_lookup(ssid, tsid, tclass);
if (unlikely(!node)) {
rcu_read_unlock();
-
- if (in_avd)
- avd = in_avd;
- else
- avd = &avd_entry;
-
security_compute_av(ssid, tsid, tclass, avd);
rcu_read_lock();
node = avc_insert(ssid, tsid, tclass, avd);
} else {
- if (in_avd)
- memcpy(in_avd, &node->ae.avd, sizeof(*in_avd));
+ memcpy(avd, &node->ae.avd, sizeof(*avd));
avd = &node->ae.avd;
}
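Review bot: `avc_has_perm_noaudit()` now dereferences `avd` unconditionally, through `security_compute_av(ssid, tsid, tclass, avd)` on a cache miss and `memcpy(avd, &node->ae.avd, sizeof(*avd))` on a hit, so a caller that still passes NULL, which the removed `in_avd` handling allowed, would fault in the kernel. The services.c caller is switched to `&dummy_avd` in this commit; any other callers are not visible here and should be checked. The function's header comment and the rest of its body lie outside these hunks; if that comment still describes the argument as optional, it should state that `avd` must point to caller-owned storage and is always filled in. Separately, `avd = &node->ae.avd;` right after the memcpy rebinds the parameter to the cache entry, which is easy to misread, and a short comment such as `/* from here on use the cached decision, not the caller's copy */` would help.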
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c3e4b52699f4..973e00e34fa9 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2217,10 +2217,11 @@ out_unlock:
goto out;
}
for (i = 0, j = 0; i < mynel; i++) {
+ struct av_decision dummy_avd;
rc = avc_has_perm_noaudit(fromsid, mysids[i],
SECCLASS_PROCESS, /* kernel value */
PROCESS__TRANSITION, AVC_STRICT,
- NULL);
+ &dummy_avd);
if (!rc)
mysids2[j++] = mysids[i];
cond_resched();