On Thu, 2004-12-09 at 20:45, Serge Hallyn wrote: > Would the attached patch be sufficient, or should the force_sig_specific > and avc_audit also be moved to the final_setup()? It doesn't look to me > like doing them under task_lock is a problem, and it did test fine, but > I don't think I actually triggered the test conditions. (How do I get > selinux to try an unlawful transition?) force_sig_specific should definitely go into the second hook after release of task_lock, as you will otherwise nest task_lock inside siglock. avc_audit used to have an issue with being called under task_lock due to use of get_task_mm but I resolved that by only using get_task_mm when acting on a task other than current (as we can safely access current->mm without using get_task_mm), so I believe that you can actually collapse the avc_has_perm_noaudit()+avc_audit() calls into avc_has_perm() calls (which internally do both; the split interface is only for situations where we cannot safely do both under the same locking conditions or where we do not want to audit at all). -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Fri Dec 10 2004 - 05:35:04 PST