> -----Original Message----- > From: Jann Horn [mailto:ja...@google.com] > Sent: Wednesday, September 26, 2018 2:31 PM > To: Schaufler, Casey <casey.schauf...@intel.com> > Cc: Kernel Hardening <kernel-harden...@lists.openwall.com>; kernel list > <linux-ker...@vger.kernel.org>; linux-security-module <linux-security- > mod...@vger.kernel.org>; selinux@tycho.nsa.gov; Hansen, Dave > <dave.han...@intel.com>; Dock, Deneen T <deneen.t.d...@intel.com>; > kris...@linux.intel.com; Arjan van de Ven <ar...@linux.intel.com> > Subject: Re: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED > > On Wed, Sep 26, 2018 at 10:35 PM Casey Schaufler > <casey.schauf...@intel.com> wrote: > > A ptrace access check with mode PTRACE_MODE_SCHED gets called > > from process switching code. This precludes the use of audit, > > as the locking is incompatible. Don't do audit in the PTRACE_MODE_SCHED > > case. > > > > Signed-off-by: Casey Schaufler <casey.schauf...@intel.com> > > --- > > security/smack/smack_lsm.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > > index 340fc30ad85d..ffa95bcab599 100644 > > --- a/security/smack/smack_lsm.c > > +++ b/security/smack/smack_lsm.c > > @@ -422,7 +422,8 @@ static int smk_ptrace_rule_check(struct task_struct > *tracer, > > struct task_smack *tsp; > > struct smack_known *tracer_known; > > > > - if ((mode & PTRACE_MODE_NOAUDIT) == 0) { > > + if ((mode & PTRACE_MODE_NOAUDIT) == 0 && > > + (mode & PTRACE_MODE_SCHED) == 0) { > > If you ORed PTRACE_MODE_NOAUDIT into the flags when calling the > security hook, you could drop this patch, right?
Yes. Since the PTRACE_MODE_NOAUDIT was in PTRACE_MODE_IBPB in Jiri's previous patch set and not in PTRACE_MODE_SCHED in this one I assumed that there was a good reason for it. _______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.