Home
last modified time | relevance | path

Searched hist:"3 a28cff3bd4bf43f02be0c4e7933aebf3dc8197e" (Results 1 – 3 of 3) sorted by relevance

/openbmc/linux/security/selinux/include/
H A Davc.hdiff 3a28cff3bd4bf43f02be0c4e7933aebf3dc8197e Wed Dec 12 09:10:55 CST 2018 Stephen Smalley <sds@tycho.nsa.gov> selinux: avoid silent denials in permissive mode under RCU walk

commit 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk. Fix this by not updating the cache when
performing a non-blocking permission check. This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
/openbmc/linux/security/selinux/
H A Davc.cdiff 3a28cff3bd4bf43f02be0c4e7933aebf3dc8197e Wed Dec 12 09:10:55 CST 2018 Stephen Smalley <sds@tycho.nsa.gov> selinux: avoid silent denials in permissive mode under RCU walk

commit 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk. Fix this by not updating the cache when
performing a non-blocking permission check. This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
H A Dhooks.cdiff 3a28cff3bd4bf43f02be0c4e7933aebf3dc8197e Wed Dec 12 09:10:55 CST 2018 Stephen Smalley <sds@tycho.nsa.gov> selinux: avoid silent denials in permissive mode under RCU walk

commit 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk. Fix this by not updating the cache when
performing a non-blocking permission check. This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>