diff options
| author | H. Peter Anvin <hpa@linux.intel.com> | 2012-10-19 07:54:24 -0700 |
|---|---|---|
| committer | H. Peter Anvin <hpa@linux.intel.com> | 2012-10-19 07:55:09 -0700 |
| commit | 4533d86270d7986e00594495dde9a109d6be27ae (patch) | |
| tree | c2473cac653f7b98e5bd5e6475e63734be4b7644 /security/security.c | |
| parent | 21c5e50e15b1abd797e62f18fd7f90b9cc004cbd (diff) | |
| parent | 5bc66170dc486556a1e36fd384463536573f4b82 (diff) | |
Merge commit '5bc66170dc486556a1e36fd384463536573f4b82' into x86/urgent
From Borislav Petkov <bp@amd64.org>:
Below is a RAS fix which reverts the addition of a sysfs attribute
which we agreed is not needed, post-factum. And this should go in now
because that sysfs attribute is going to end up in 3.7 otherwise and
thus exposed to userspace; removing it then would be a lot harder.
This is done as a merge rather than a simple patch/cherry-pick since
the baseline for this patch was not in the previous x86/urgent.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/security/security.c b/security/security.c index 860aeb349cb..8dcd4ae10a5 100644 --- a/security/security.c +++ b/security/security.c @@ -136,11 +136,23 @@ int __init register_security(struct security_operations *ops) int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { +#ifdef CONFIG_SECURITY_YAMA_STACKED + int rc; + rc = yama_ptrace_access_check(child, mode); + if (rc) + return rc; +#endif return security_ops->ptrace_access_check(child, mode); } int security_ptrace_traceme(struct task_struct *parent) { +#ifdef CONFIG_SECURITY_YAMA_STACKED + int rc; + rc = yama_ptrace_traceme(parent); + if (rc) + return rc; +#endif return security_ops->ptrace_traceme(parent); } @@ -264,8 +276,8 @@ int security_sb_statfs(struct dentry *dentry) return security_ops->sb_statfs(dentry); } -int security_sb_mount(char *dev_name, struct path *path, - char *type, unsigned long flags, void *data) +int security_sb_mount(const char *dev_name, struct path *path, + const char *type, unsigned long flags, void *data) { return security_ops->sb_mount(dev_name, path, type, flags, data); } @@ -434,7 +446,7 @@ int security_path_chmod(struct path *path, umode_t mode) return security_ops->path_chmod(path, mode); } -int security_path_chown(struct path *path, uid_t uid, gid_t gid) +int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) { if (unlikely(IS_PRIVATE(path->dentry->d_inode))) return 0; @@ -561,6 +573,9 @@ int security_inode_setxattr(struct dentry *dentry, const char *name, ret = security_ops->inode_setxattr(dentry, name, value, size, flags); if (ret) return ret; + ret = ima_inode_setxattr(dentry, name, value, size); + if (ret) + return ret; return evm_inode_setxattr(dentry, name, value, size); } @@ -596,6 +611,9 @@ int security_inode_removexattr(struct dentry *dentry, const char *name) ret = security_ops->inode_removexattr(dentry, name); if (ret) return ret; + ret = ima_inode_removexattr(dentry, name); + if (ret) + return ret; return evm_inode_removexattr(dentry, name); } @@ -761,6 +779,9 @@ int security_task_create(unsigned long clone_flags) void security_task_free(struct task_struct *task) { +#ifdef CONFIG_SECURITY_YAMA_STACKED + yama_task_free(task); +#endif security_ops->task_free(task); } @@ -876,6 +897,12 @@ int security_task_wait(struct task_struct *p) int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { +#ifdef CONFIG_SECURITY_YAMA_STACKED + int rc; + rc = yama_task_prctl(option, arg2, arg3, arg4, arg5); + if (rc != -ENOSYS) + return rc; +#endif return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); } |