linux/security
Stephen Smalley 3a2f5a59a6 security,selinux,smack: kill security_task_wait hook
As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful.  Remove
the security hook and its implementations in SELinux and Smack.  Smack
already removed its check from its hook.

Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-01-12 11:10:57 -05:00
..
apparmor
integrity
keys
loadpin
selinux security,selinux,smack: kill security_task_wait hook 2017-01-12 11:10:57 -05:00
smack security,selinux,smack: kill security_task_wait hook 2017-01-12 11:10:57 -05:00
tomoyo
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig
lsm_audit.c
Makefile
min_addr.c
security.c security,selinux,smack: kill security_task_wait hook 2017-01-12 11:10:57 -05:00