author | Kees Cook <kees.cook@canonical.com> | 2010-06-29 11:07:44 -0700 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-20 13:42:57 -0600 |
commit | 1375851b04487f957f3c4a9f3a4bd69bcf0783d7 (patch) | |
tree | 4ec8da78590d4c5548727d7042c535510dc5d3f8 /security/security.c | |
parent | 849748c304d3f25c1af6e62a2c0ab14bc082196d (diff) |
UBUNTU: SAUCE: security: unconditionally chain to Yama LSM
This patch forces the LSM to always chain through the Yama LSM
regardless of which LSM is selected as the primary LSM.
This is not intended for upstream. This is, however, what Ubuntu
and ChromeOS are doing.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 60b996a5f5d..2368d0c0901 100644
--- a/security/security.c
+++ b/security/security.c
@@ -132,6 +132,10 @@ int __init register_security(struct security_operations *ops)
 int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
+ int rc;
+ rc = yama_ptrace_access_check(child, mode);
+ if (rc)
+ return rc;
 return security_ops->ptrace_access_check(child, mode);
 }
@@ -402,8 +406,12 @@ EXPORT_SYMBOL(security_path_symlink);
 int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry)
 {
+ int rc;
 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
 return 0;
+ rc = yama_path_link(old_dentry, new_dir, new_dentry);
+ if (rc)
+ return rc;
 return security_ops->path_link(old_dentry, new_dir, new_dentry);
 }
 EXPORT_SYMBOL(security_path_link);
@@ -522,8 +530,12 @@ EXPORT_SYMBOL(security_inode_readlink);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
+ int rc;
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
+ rc = yama_inode_follow_link(dentry, nd);
+ if (rc)
+ return rc;
 return security_ops->inode_follow_link(dentry, nd);
 }
@@ -729,6 +741,7 @@ int security_task_create(unsigned long clone_flags)
 void security_task_free(struct task_struct *task)
 {
+ yama_task_free(task);
 security_ops->task_free(task);
 }
@@ -844,6 +857,10 @@ int security_task_wait(struct task_struct *p)
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5)
 {
+ int rc;
+ rc = yama_task_prctl(option, arg2, arg3, arg4, arg5);
+ if (rc != -ENOSYS)
+ return rc;
 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
 } |
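Review bot: The `yama_ptrace_access_check()` call added to security_ptrace_access_check() has no config guard, and the same is true of the yama_* calls in the security_path_link, security_inode_follow_link, security_task_free and security_task_prctl hunks. This view is limited to security/security.c, so the declarations may live in a header that is not shown; if that header does not provide no-op stubs, a kernel built without Yama will not link, and wrapping each call in `#ifdef CONFIG_SECURITY_YAMA` would avoid that. In the three hooks that test `if (rc)`, a Yama denial returns before `security_ops` is called, so the primary LSM never sees, and cannot audit, the denied request. A one-line comment such as `/* Yama is consulted first; its denial is final and skips the primary LSM */` would record that the ordering is deliberate.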
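Review bot: The `rc != -ENOSYS` test in security_task_prctl() follows a different convention from the `if (rc)` checks in the other hooks, and nothing in the code says why. Here a return of 0 from `yama_task_prctl()` also ends the call, so any prctl option Yama handles never reaches `security_ops->task_prctl()`, and the primary LSM can neither veto nor audit it. I would add a comment above the check, for example `/* -ENOSYS: Yama does not handle this option; any other value is final */`. It is also worth confirming that yama_task_prctl(), which is not part of this diff, returns -ENOSYS for every option it does not own, since any other return value would hide that option from the primary LSM.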