MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 05:15:23 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v4.14/base
linux-yocto/security/apparmor
History
Jann Horn ecf8e185a2 apparmor: don't try to replace stale label in ptraceme check 
[ Upstream commit ca3fde5214 ]

begin_current_label_crit_section() must run in sleepable context because
when label_is_stale() is true, aa_replace_current_label() runs, which uses
prepare_creds(), which can sleep.

Until now, the ptraceme access check (which runs with tasklist_lock held)
violated this rule.

Fixes: b2d09ae449 ("apparmor: move ptrace checks to using labels")
Reported-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-06-30 15:37:57 -04:00
..
include apparmor: don't try to replace stale label in ptrace access check 2020-01-27 14:46:04 +01:00
.gitignore
apparmorfs.c apparmor: Fix aa_label refcnt leak in policy_update 2020-05-27 16:43:07 +02:00
audit.c
capability.c
context.c
crypto.c
domain.c apparmor: Fix aa_label_build() error handling for failed merges 2019-03-13 14:03:16 -07:00
file.c
ipc.c apparmor: fix logging of the existence test for signals 2018-04-19 08:56:18 +02:00
Kconfig
label.c apparmor: fix introspection of of task mode for unconfined tasks 2020-06-25 15:41:50 +02:00
lib.c apparmor: Fix uninitialized value in aa_split_fqname 2018-11-27 16:10:47 +01:00
lsm.c apparmor: don't try to replace stale label in ptraceme check 2020-06-30 15:37:57 -04:00
Makefile
match.c
mount.c
nulldfa.in
path.c
policy_ns.c
policy_unpack.c apparmor: enforce nullbyte at end of tag string 2019-06-25 11:36:51 +08:00
policy.c
procattr.c
resource.c
secid.c