diff options
author | KP Singh | 2020-05-20 14:56:16 +0200 |
---|---|---|
committer | Alexei Starovoitov | 2020-05-20 20:12:07 -0700 |
commit | 0550cfe8c2c6f8e7a4c348b6603a794576db12dd (patch) | |
tree | 5d01836dd15038bed2fdd235c31d7e528e1fd9b3 /net | |
parent | 20a785aa52c82246055a089e55df9dac47d67da1 (diff) |
security: Fix hook iteration for secid_to_secctx
secid_to_secctx is not stackable, and since the BPF LSM registers this
hook by default, the call_int_hook logic is not suitable which
"bails-on-fail" and casues issues when other LSMs register this hook and
eventually breaks Audit.
In order to fix this, directly iterate over the security hooks instead
of using call_int_hook as suggested in:
https: //lore.kernel.org/bpf/9d0eb6c6-803a-ff3a-5603-9ad6d9edfc00@schaufler-ca.com/#t
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Fixes: 625236ba3832 ("security: Fix the default value of secid_to_secctx hook")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/bpf/20200520125616.193765-1-kpsingh@chromium.org
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions