authorJohn Johansen <john.johansen@canonical.com>2017-06-09 11:58:42 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:37 -0700
commit192ca6b55a866e838aee98d9cb6a0b5086467c03 (patch)
treeeba93d671a1476432f357fa68e6842f548e2cb2f /security/apparmor/lsm.c
parent2835a13bbdc09d330eafdf5e67eb407c90c01ab7 (diff)
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called, follow SELinux and revalidate the file table on exec. This avoids extra mediation overhead in read/write and also prevents file handles from being passed through to a grandchild unchecked. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r--security/apparmor/lsm.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3c6fa9753675..7ba43c18687a 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -417,6 +417,10 @@ static int common_file_perm(const char *op, struct file *file, u32 mask)
struct aa_profile *profile, *fprofile;
int error = 0;
+ /* don't reaudit files closed during inheritance */
+ if (file->f_path.dentry == aa_null.dentry)
+ return -EACCES;
+
fprofile = aa_cred_raw_profile(file->f_cred);
AA_BUG(!fprofile);
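Review bot: The new early return at `if (file->f_path.dentry == aa_null.dentry)` denies without emitting an audit record, so any access through an fd that exec revoked is invisible to anyone watching the AppArmor log, and the one-line comment does not say that this silence is deliberate or what the placeholder dentry is. A fuller comment would help the next reader: `/* fds revoked by aa_inherit_files() at exec were swapped for the aa_null placeholder; deny quietly rather than auditing every later read/write on them */` — whether the revocation itself is audited at inherit time is inferred from the "don't reaudit" wording and should be confirmed against aa_inherit_files(). Returning -EACCES regardless of mask also means the placeholder can never be read or written through this path, which looks intended but is worth stating explicitly. common_file_perm() continues outside the hunk.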
@@ -600,6 +604,8 @@ static void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
(unconfined(new_ctx->profile)))
return;
+ aa_inherit_files(bprm->cred, current->files);
+
current->pdeath_signal = 0;
/* reset soft limits and set hard limits for the new profile */
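Review bot: The return value of `aa_inherit_files(bprm->cred, current->files);` is dropped inside apparmor_bprm_committing_creds(), a void hook where the exec can no longer be failed; if the callee can fail (its signature is not in this hunk, but a pass that has to open a placeholder file for revoked fds typically can), the new task proceeds with its inherited file table unchecked, which is exactly the gap the commit sets out to close, and it does so silently. At minimum capture and report the failure so the degraded case is observable, e.g. `int error = aa_inherit_files(bprm->cred, current->files);` followed by `if (error) AA_ERROR("failed to revalidate inherited files: %d\n", error);` or an equivalent rate-limited log, and consider whether the revalidation belongs in a hook that may still return an error (bprm_set_creds) so a failure aborts the exec instead of weakening it. The enclosing function starts outside the hunk.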