On 07/07, Roland McGrath wrote:
>
> > > For exec transitions (set-id, file caps, selinux), I'd originally figured
> > > an engine's report_exec could check for changes and decide to detach
> > > itself if appropriate.
> >
> > No, it can't. At this point S_ISUID/S_ISGID exid's were already dropped,
> > or exec can fail before tracehook_report_exec().
>
> If an exec fails, nothing changes and there is no security-relevant event
> to take notice of. I don't really follow your other comment. But ...

I meant, it can fail because selinux sees LSM_UNSAFE_PTRACE and cancels exec.
If we add ->report_security_check() callback or something, we can detach
the engines which don't pass the check.

> > The only question: do you think the trivial 1st patch is correct?
>
> The one that just adds a macro defined to another existing macro?
> Any change that preprocesses out to the same code is "correct", sure...

Well, sure. The question was: am I right this is the only change we
need to make sure that task->utrace_flags will always have the
ENGINE_EXTRA_FLAGS bits from all engine->flag's ?

OK, I think it is correct.

Oleg.