Current 2.5 kernels have reworked the kmod logic such that all work is done my keventd. keventd already does reparent_to_init, so there is no need to worry about getting the security labels right for code running off the keventd workqueue. This patch removes the task_kmod_set_label hook. Any objections? thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net ===== include/linux/security.h 1.28 vs edited ===== --- 1.28/include/linux/security.h Mon Mar 17 18:22:28 2003 +++ edited/include/linux/security.h Mon Mar 24 09:37:05 2003 @@ -47,7 +47,6 @@ extern int cap_bprm_set_security (struct linux_binprm *bprm); extern void cap_bprm_compute_creds (struct linux_binprm *bprm); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); -extern void cap_task_kmod_set_label (void); extern void cap_task_reparent_to_init (struct task_struct *p); extern int cap_syslog (int type); @@ -596,10 +595,6 @@ * @arg4 contains a argument. * @arg5 contains a argument. * Return 0 if permission is granted. - * @task_kmod_set_label: - * Set the security attributes in current->security for the kernel module - * loader thread, so that it has the permissions needed to perform its - * function. * @task_reparent_to_init: * Set the security attributes in @p->security for a kernel thread that * is being reparented to the init task. @@ -1303,7 +1298,6 @@ int (*task_prctl) (int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); - void (*task_kmod_set_label) (void); void (*task_reparent_to_init) (struct task_struct * p); int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); @@ -1935,11 +1929,6 @@ return security_ops->task_prctl (option, arg2, arg3, arg4, arg5); } -static inline void security_task_kmod_set_label (void) -{ - security_ops->task_kmod_set_label (); -} - static inline void security_task_reparent_to_init (struct task_struct *p) { security_ops->task_reparent_to_init (p); @@ -2579,11 +2568,6 @@ unsigned long arg5) { return 0; -} - -static inline void security_task_kmod_set_label (void) -{ - cap_task_kmod_set_label (); } static inline void security_task_reparent_to_init (struct task_struct *p) ===== security/capability.c 1.29 vs edited ===== --- 1.29/security/capability.c Mon Mar 17 16:24:04 2003 +++ edited/security/capability.c Mon Mar 24 09:39:11 2003 @@ -248,12 +248,6 @@ return 0; } -void cap_task_kmod_set_label (void) -{ - cap_set_full (current->cap_effective); - return; -} - void cap_task_reparent_to_init (struct task_struct *p) { p->cap_effective = CAP_INIT_EFF_SET; @@ -278,7 +272,6 @@ EXPORT_SYMBOL(cap_bprm_set_security); EXPORT_SYMBOL(cap_bprm_compute_creds); EXPORT_SYMBOL(cap_task_post_setuid); -EXPORT_SYMBOL(cap_task_kmod_set_label); EXPORT_SYMBOL(cap_task_reparent_to_init); EXPORT_SYMBOL(cap_syslog); @@ -297,7 +290,6 @@ .bprm_set_security = cap_bprm_set_security, .task_post_setuid = cap_task_post_setuid, - .task_kmod_set_label = cap_task_kmod_set_label, .task_reparent_to_init = cap_task_reparent_to_init, .syslog = cap_syslog, ===== security/dummy.c 1.31 vs edited ===== --- 1.31/security/dummy.c Tue Mar 18 17:28:47 2003 +++ edited/security/dummy.c Mon Mar 24 09:40:31 2003 @@ -538,11 +538,6 @@ return 0; } -static void dummy_task_kmod_set_label (void) -{ - return; -} - static void dummy_task_reparent_to_init (struct task_struct *p) { p->euid = p->fsuid = 0; @@ -996,7 +991,6 @@ set_to_dummy_if_null(ops, task_wait); set_to_dummy_if_null(ops, task_kill); set_to_dummy_if_null(ops, task_prctl); - set_to_dummy_if_null(ops, task_kmod_set_label); set_to_dummy_if_null(ops, task_reparent_to_init); set_to_dummy_if_null(ops, ipc_permission); set_to_dummy_if_null(ops, msg_msg_alloc_security); ===== security/owlsm.c 1.40 vs edited ===== --- 1.40/security/owlsm.c Wed Dec 18 13:44:24 2002 +++ edited/security/owlsm.c Tue Mar 25 09:06:39 2003 @@ -97,7 +97,6 @@ .capable = cap_capable, .task_post_setuid = cap_task_post_setuid, - .task_kmod_set_label = cap_task_kmod_set_label, .task_reparent_to_init = cap_task_reparent_to_init, .bprm_alloc_security = owlsm_binprm_alloc_security, ===== security/root_plug.c 1.2 vs edited ===== --- 1.2/security/root_plug.c Mon Dec 23 13:22:00 2002 +++ edited/security/root_plug.c Mon Mar 24 09:40:55 2003 @@ -143,7 +143,6 @@ .bprm_set_security = cap_bprm_set_security, .task_post_setuid = cap_task_post_setuid, - .task_kmod_set_label = cap_task_kmod_set_label, .task_reparent_to_init = cap_task_reparent_to_init, .bprm_check_security = rootplug_bprm_check_security, ===== security/dte/dte.c 1.41 vs edited ===== --- 1.41/security/dte/dte.c Wed Feb 19 18:10:20 2003 +++ edited/security/dte/dte.c Mon Mar 24 09:37:28 2003 @@ -575,12 +575,6 @@ return 0; } -static void dte_task_kmod_set_label (void) -{ - if (dte_secondary_ops) - dte_secondary_ops->task_kmod_set_label(); -} - static void dte_task_reparent_to_init (struct task_struct *p) { if (dte_secondary_ops) @@ -828,7 +822,6 @@ task_wait: dte_task_wait, task_kill: dte_task_kill, task_prctl: dte_task_prctl, - task_kmod_set_label: dte_task_kmod_set_label, task_reparent_to_init: dte_task_reparent_to_init, ip_decode_options: dte_ip_decode_options, ===== security/lids/lids_lsm.c 1.36 vs edited ===== --- 1.36/security/lids/lids_lsm.c Fri Jan 3 11:56:08 2003 +++ edited/security/lids/lids_lsm.c Mon Mar 24 09:37:52 2003 @@ -643,11 +643,6 @@ return 0; } -static void lids_task_kmod_set_label (void) -{ - return; -} - static void lids_task_reparent_to_init (struct task_struct *p) { p->euid = p->fsuid = 0; @@ -804,7 +799,6 @@ .task_wait = lids_task_wait, .task_kill = lids_task_kill, .task_prctl = lids_task_prctl, - .task_kmod_set_label = lids_task_kmod_set_label, .task_reparent_to_init = lids_task_reparent_to_init, .ipc_permission = lids_ipc_permission, ===== security/selinux/hooks.c 1.81 vs edited ===== --- 1.81/security/selinux/hooks.c Tue Mar 25 08:12:10 2003 +++ edited/security/selinux/hooks.c Tue Mar 25 08:23:06 2003 @@ -2403,18 +2403,6 @@ return task_has_perm(p, current, perm); } -static void selinux_task_kmod_set_label(void) -{ - struct task_security_struct *tsec; - - secondary_ops->task_kmod_set_label(); - - tsec = current->security; - tsec->osid = tsec->sid; - tsec->sid = SECINITSID_KMOD; - return; -} - static void selinux_task_reparent_to_init(struct task_struct *p) { struct task_security_struct *tsec; @@ -4061,7 +4049,6 @@ task_kill: selinux_task_kill, task_wait: selinux_task_wait, task_prctl: selinux_task_prctl, - task_kmod_set_label: selinux_task_kmod_set_label, task_reparent_to_init: selinux_task_reparent_to_init, ipc_permission: selinux_ipc_permission, _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 11:06:58 PST