| author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-04 14:07:08 -0700 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-04 14:07:08 -0700 | 
| commit | 15a2bc4dbb9cfed1c661a657fcb10798150b7598 (patch) | |
| tree | f9ca834dbdd2e6cf1d5a2cef5008f82c72b00261 /security/smack/smack_lsm.c | |
| parent | 9ff7258575d5fee011649d20cc56de720a395191 (diff) | |
| parent | 3977e285ee89a94699255dbbf6eeea13889a1083 (diff) | |
Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull execve updates from Eric Biederman:
 "Last cycle for the Nth time I ran into bugs and quality of
  implementation issues related to exec that could not easily be
  fixed because of the way exec is implemented. So I have been digging
  into exec and cleaning up what I can.
  I don't think I have exec sorted out enough to fix the issues I
  started with but I have made some headway this cycle with 4 sets of
  changes.
   - promised cleanups after introducing exec_update_mutex
   - trivial cleanups for exec
   - control flow simplifications
   - remove the recomputation of bprm->cred
  The net result is code that is a bit easier to understand and work
  with and a decrease in the number of lines of code (if you don't count
  the added tests)"
* 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (24 commits)
  exec: Compute file based creds only once
  exec: Add a per bprm->file version of per_clear
  binfmt_elf_fdpic: fix execfd build regression
  selftests/exec: Add binfmt_script regression test
  exec: Remove recursion from search_binary_handler
  exec: Generic execfd support
  exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC
  exec: Move the call of prepare_binprm into search_binary_handler
  exec: Allow load_misc_binary to call prepare_binprm unconditionally
  exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds
  exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
  exec: Teach prepare_exec_creds how exec treats uids & gids
  exec: Set the point of no return sooner
  exec: Move handling of the point of no return to the top level
  exec: Run sync_mm_rss before taking exec_update_mutex
  exec: Fix spelling of search_binary_handler in a comment
  exec: Move the comment from above de_thread to above unshare_sighand
  exec: Rename flush_old_exec begin_new_exec
  exec: Move most of setup_new_exec into flush_old_exec
  exec: In setup_new_exec cache current in the local variable me
  ...
Diffstat (limited to 'security/smack/smack_lsm.c')
| -rw-r--r-- | security/smack/smack_lsm.c | 9 | 
1 files changed, 3 insertions, 6 deletions
|
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 6d4883a43fff..cd44b79bf1f5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -887,12 +887,12 @@ static int smack_sb_statfs(struct dentry *dentry)
  */
 /**
- * smack_bprm_set_creds - set creds for exec
+ * smack_bprm_creds_for_exec - Update bprm->cred if needed for exec
  * @bprm: the exec information
  *
  * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
  */
-static int smack_bprm_set_creds(struct linux_binprm *bprm)
+static int smack_bprm_creds_for_exec(struct linux_binprm *bprm)
 {
 	struct inode *inode = file_inode(bprm->file);
 	struct task_smack *bsp = smack_cred(bprm->cred);
@@ -900,9 +900,6 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
 	struct superblock_smack *sbsp;
 	int rc;
-	if (bprm->called_set_creds)
-		return 0;
-
 	isp = smack_inode(inode);
 	if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
 		return 0;
@@ -4584,7 +4581,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
 	LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
-	LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
+	LSM_HOOK_INIT(bprm_creds_for_exec, smack_bprm_creds_for_exec),
 	LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
 	LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
|
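Review bot: The kernel-doc above `smack_bprm_creds_for_exec` in the first hunk does not say how often the hook runs, and with the `bprm->called_set_creds` early return deleted in the second hunk nothing in the function itself stops the `isp->smk_task` label transition from being evaluated again for a later `bprm->file`. That guarantee presumably now rests on the caller of the `bprm_creds_for_exec` hook, which is outside this file, so I would record it in the comment, e.g. `* Expected to run once per exec, on the file originally being executed (confirm against the hook's caller).` The unchanged `Returns 0 if it gets a blob ... -ENOMEM otherwise` line is also worth re-checking, since the only return visible here is the `return 0` taken when no label change applies; the rest of the body lies outside the hunk.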
