From: ebiederm@xmission.com (Eric W. Biederman)
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
Date: Thu, 17 Oct 2013 13:10:30 -0700
Message-ID: <87ppr38xqh.fsf@xmission.com>
In-Reply-To: <201310172037.CGD82846.LOJHFStOFMVOFQ@I-love.SAKURA.ne.jp> (Tetsuo Handa's message of "Thu, 17 Oct 2013 20:37:32 +0900")

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> writes:

> From 6bea9ec93a3596efb512292aee0ab88e219130cd Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 30 Sep 2013 20:07:24 +0900
> Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
>
> Add a LSM hook which is called only when an execve operation failed after
> prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously
> cleaning up resources allocated during an execve operation.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
>  fs/exec.c                |    1 +
>  include/linux/security.h |   11 +++++++++++
>  security/capability.c    |    5 +++++
>  security/security.c      |    5 +++++
>  4 files changed, 22 insertions(+), 0 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 8875dd1..89f0479 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1172,6 +1172,7 @@ void free_bprm(struct linux_binprm *bprm)
>  {
>  	free_arg_pages(bprm);
>  	if (bprm->cred) {
> +		security_bprm_aborting_creds(bprm);

Can you move this hook outside of the cred_guard_mutex?  It looks like
you can and I expect not unnecessarily extending the scope of the mutex
would be a good idea.

>  		mutex_unlock(&current->signal->cred_guard_mutex);
>  		abort_creds(bprm->cred);
>  	}
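Review bot: the new call sits inside `if (bprm->cred)`, so the commit message's promise that the hook fires "only when an execve operation failed after prepare_bprm_creds() succeeded" rests on an invariant this hunk does not show: every successful exec must have cleared bprm->cred before free_bprm() runs, otherwise the hook would also fire on the success path. Please state that invariant in a one-line comment at the call site (or in the hook's description in include/linux/security.h), e.g. "bprm->cred is non-NULL here only on the abort path", so LSM authors implementing the hook know it is never called for a committed exec. Calling the hook before `abort_creds(bprm->cred)` is the right order, since the LSM can still look at the cred it is cleaning up; if the call is moved after the `mutex_unlock(&current->signal->cred_guard_mutex)` line, keep it ahead of abort_creds() for the same reason.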

Thread overview: 12+ messages
2013-10-17 11:35 [PATCH 0/4] LSM/TOMOYO: Stop using per a cred variables and start using per a task_struct variables Tetsuo Handa
2013-10-17 11:37 ` [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook Tetsuo Handa
2013-10-17 20:10   ` Eric W. Biederman [this message]
2013-10-18 12:42     ` Tetsuo Handa
2013-10-18 23:47       ` Eric W. Biederman
2013-10-17 11:38 ` [PATCH 2/4] LSM: Revive security_task_alloc() hook Tetsuo Handa
2013-10-17 11:40 ` [PATCH 3/4] TOMOYO: Remember the proposed domain while in execve() request Tetsuo Handa
2013-10-17 11:41 ` [PATCH 4/4] TOMOYO: Allow caching policy manager's state until " Tetsuo Handa
2013-10-30 13:21 ` [PATCH 0/4] LSM/TOMOYO: Stop using per a cred variables and start using per a task_struct variables Tetsuo Handa
2013-10-31 14:19   ` James Morris
2013-11-02  5:53     ` [PATCH 0/4] LSM/TOMOYO: Stop using per a cred variables andstart " Tetsuo Handa
  -- strict thread matches above, loose matches on Subject: below --
2013-06-11 13:11 [PATCH 0/4] LSM/TOMOYO: Introduce " Tetsuo Handa
2013-06-11 13:12 ` [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook Tetsuo Handa
