RFC [patch 10/34] PID Virtualization Change pid accesses: security/


 



Change pid accesses for security modules.

Signed-off-by: Dave Hansen <[email protected]>
Signed-off-by: Serge Hallyn <[email protected]>
---
 commoncap.c             |    2 +-
 keys/process_keys.c     |    6 +++---
 keys/request_key_auth.c |    2 +-
 seclvl.c                |   16 ++++++++--------
 selinux/avc.c           |    4 ++--
 5 files changed, 15 insertions(+), 15 deletions(-)

Index: linux-2.6.15/security/commoncap.c
===================================================================
--- linux-2.6.15.orig/security/commoncap.c	2006-01-17 08:36:28.000000000 -0500
+++ linux-2.6.15/security/commoncap.c	2006-01-17 08:37:01.000000000 -0500
@@ -169,7 +169,7 @@
 	/* For init, we want to retain the capabilities set
 	 * in the init_task struct. Thus we skip the usual
 	 * capability rules */
-	if (current->pid != 1) {
+	if (task_pid(current) != 1) {
 		current->cap_permitted = new_permitted;
 		current->cap_effective =
 		    cap_intersect (new_permitted, bprm->cap_effective);
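Review bot: The `task_pid(current) != 1` test decides whether the usual capability rules are skipped for init, so it matters which pid space `task_pid()` reports, and this patch does not show its definition. If it can return a per-container value, any task numbered 1 inside a container would be exempted the same way the system init is, which is presumably not intended. I would pin the intent down with a comment such as `/* must be the kernel-wide pid: only the real init keeps init_task's capabilities */`, or route the test through a single helper that names it. The same question applies to the `== 1` / `!= 1` checks in seclvl_ptrace, seclvl_capable, seclvl_inode_permission and seclvl_umount in security/seclvl.c. The enclosing function starts and ends outside this hunk.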
Index: linux-2.6.15/security/keys/process_keys.c
===================================================================
--- linux-2.6.15.orig/security/keys/process_keys.c	2006-01-17 08:36:28.000000000 -0500
+++ linux-2.6.15/security/keys/process_keys.c	2006-01-17 08:37:01.000000000 -0500
@@ -140,7 +140,7 @@
 	char buf[20];
 	int ret;
 
-	sprintf(buf, "_tid.%u", tsk->pid);
+	sprintf(buf, "_tid.%u", task_pid(tsk));
 
 	keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL);
 	if (IS_ERR(keyring)) {
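Review bot: The unbounded `sprintf` into `char buf[20]` now formats the result of an accessor whose return type is not visible in this patch, so the fit of `"_tid.%u"` rests on an assumption about `task_pid()` rather than on the field's declared type. Bounding the write makes the call safe regardless: `snprintf(buf, sizeof(buf), "_tid.%u", task_pid(tsk));`. The `_pid.%u` and `_ses.%u` calls in the next two hunks of this file have the same shape, although `buf` is declared outside those hunks. It is also worth confirming that `%u` still matches the accessor's return type.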
@@ -173,7 +173,7 @@
 	int ret;
 
 	if (!tsk->signal->process_keyring) {
-		sprintf(buf, "_pid.%u", tsk->tgid);
+		sprintf(buf, "_pid.%u", task_tgid(tsk));
 
 		keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL);
 		if (IS_ERR(keyring)) {
@@ -213,7 +213,7 @@
 
 	/* create an empty session keyring */
 	if (!keyring) {
-		sprintf(buf, "_ses.%u", tsk->tgid);
+		sprintf(buf, "_ses.%u", task_tgid(tsk));
 
 		keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL);
 		if (IS_ERR(keyring)) {
Index: linux-2.6.15/security/keys/request_key_auth.c
===================================================================
--- linux-2.6.15.orig/security/keys/request_key_auth.c	2006-01-17 08:36:28.000000000 -0500
+++ linux-2.6.15/security/keys/request_key_auth.c	2006-01-17 08:37:01.000000000 -0500
@@ -60,7 +60,7 @@
 		else {
 			/* it isn't - use this process as the context */
 			rka->context = current;
-			rka->pid = current->pid;
+			rka->pid = task_pid(current);
 		}
 
 		rka->target_key = key_get((struct key *) data);
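Review bot: `rka->pid` is stored here and outlives this call, but nothing records which pid space the stored value belongs to once it comes from `task_pid(current)`. Whatever reads the field later (not visible in this hunk) has to interpret it the same way, so a one-line comment at the assignment would help, for example `/* pid as reported by task_pid(); see the struct for which id space this is */`. The enclosing function begins and ends outside the hunk.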
Index: linux-2.6.15/security/seclvl.c
===================================================================
--- linux-2.6.15.orig/security/seclvl.c	2006-01-17 08:36:28.000000000 -0500
+++ linux-2.6.15/security/seclvl.c	2006-01-17 08:37:01.000000000 -0500
@@ -296,7 +296,7 @@
 static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
 {
 	if (seclvl >= 0) {
-		if (child->pid == 1) {
+		if (task_pid(child) == 1) {
 			seclvl_printk(1, KERN_WARNING, "Attempt to ptrace "
 				      "the init process dissallowed in "
 				      "secure level %d\n", seclvl);
@@ -313,7 +313,7 @@
 static int seclvl_capable(struct task_struct *tsk, int cap)
 {
 	/* init can do anything it wants */
-	if (tsk->pid == 1)
+	if (task_pid(tsk) == 1)
 		return 0;
 
 	switch (seclvl) {
@@ -375,10 +375,10 @@
 		    (tv->tv_sec == now.tv_sec && tv->tv_nsec < now.tv_nsec)) {
 			seclvl_printk(1, KERN_WARNING, "Attempt to decrement "
 				      "time in secure level %d denied: "
-				      "current->pid = [%d], "
-				      "current->group_leader->pid = [%d]\n",
-				      seclvl, current->pid,
-				      current->group_leader->pid);
+				      "current pid = [%d], "
+				      "current->group_leader pid = [%d]\n",
+				      seclvl, task_pid(current),
+				      task_pid(current->group_leader));
 			return -EPERM;
 		}		/* if attempt to decrement time */
 	}			/* if seclvl > 1 */
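Review bot: This hunk changes the text of the denial message as well as the accessors: `current->pid = [%d]` becomes `current pid = [%d]`, and the group-leader field changes likewise. Log-monitoring rules that match the old string on this security warning would silently stop matching, and the patch description mentions only pid accesses. I would keep the emitted literals as they were, `"current->pid = [%d], "` and `"current->group_leader->pid = [%d]\n",`, and change only the arguments, or else call out the message change in the changelog. The enclosing function starts before the hunk.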
@@ -424,7 +424,7 @@
 static int
 seclvl_inode_permission(struct inode *inode, int mask, struct nameidata *nd)
 {
-	if (current->pid != 1 && S_ISBLK(inode->i_mode) && (mask & MAY_WRITE)) {
+	if (task_pid(current) != 1 && S_ISBLK(inode->i_mode) && (mask & MAY_WRITE)) {
 		switch (seclvl) {
 		case 2:
 			seclvl_printk(1, KERN_WARNING, "Write to block device "
@@ -479,7 +479,7 @@
  */
 static int seclvl_umount(struct vfsmount *mnt, int flags)
 {
-	if (current->pid == 1)
+	if (task_pid(current) == 1)
 		return 0;
 	if (seclvl == 2) {
 		seclvl_printk(1, KERN_WARNING, "Attempt to unmount in secure "
Index: linux-2.6.15/security/selinux/avc.c
===================================================================
--- linux-2.6.15.orig/security/selinux/avc.c	2006-01-17 08:36:28.000000000 -0500
+++ linux-2.6.15/security/selinux/avc.c	2006-01-17 08:37:01.000000000 -0500
@@ -558,8 +558,8 @@
 	audit_log_format(ab, " for ");
 	if (a && a->tsk)
 		tsk = a->tsk;
-	if (tsk && tsk->pid) {
-		audit_log_format(ab, " pid=%d comm=", tsk->pid);
+	if (tsk && task_pid(tsk)) {
+		audit_log_format(ab, " pid=%d comm=", task_pid(tsk));
 		audit_log_untrustedstring(ab, tsk->comm);
 	}
 	if (a) {
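Review bot: The audit record's `pid=` field now carries whatever `task_pid(tsk)` returns, and the patch does not show which id space that is. If the value can be a per-container pid, tasks in different containers could log the same `pid=` and the AVC denial could no longer be attributed to one process from the audit trail alone. I would add a comment above the `audit_log_format` call stating the intended id space, e.g. `/* audit records carry the kernel-wide pid */`. Reading the accessor once into a local would also keep the test and the logged value from diverging. The enclosing function extends beyond this hunk on both sides.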

--
