Message ID | 20181105190504.500-5-casey.schaufler@intel.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A39D014E2 for <patchwork-selinux@patchwork.kernel.org>; Mon, 5 Nov 2018 19:38:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8AD452993B for <patchwork-selinux@patchwork.kernel.org>; Mon, 5 Nov 2018 19:38:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7BC2029944; Mon, 5 Nov 2018 19:38:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI autolearn=ham version=3.3.1 Received: from upbd19pa12.eemsg.mail.mil (upbd19pa12.eemsg.mail.mil [214.24.27.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4453F2993B for <patchwork-selinux@patchwork.kernel.org>; Mon, 5 Nov 2018 19:38:35 +0000 (UTC) X-EEMSG-check-008: 168096537|UPBD19PA12_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa12.eemsg.mail.mil with ESMTP; 05 Nov 2018 19:38:33 +0000 X-IronPort-AV: E=Sophos;i="5.54,469,1534809600"; d="scan'208";a="20293315" IronPort-PHdr: 9a23:BAY2ExcM8gb7fUOjuM2bVHHzlGMj4u6mDksu8pMizoh2WeGdxcm7bRyN2/xhgRfzUJnB7Loc0qyK6/+mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbF/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4KlxSB/slSwJKTg3/m/KgcB0la5XvQ6tqxl5zoXJYo+aKeB+c7vdc90ES2RPXcFfWC5PAo2hd4sCDfcNMOhXoIbhqFUBswC+CBKwBO7t0DJEmmX70bEk3+knDArI3BYgH9ULsHnMstj6LrwSXv61zaLV0DvMc/NW1i3g6IjGdhAuv+uMVq93fMXN00YvDB3Kj1WKpYz+IzyV1v4Cs3WV7+pkS+2vkXUqqwB3ojiz2MgsjpPFiZ4SylDB7Ch0xps+K96gSENjfNKpH5RduzuaOodrWM8uXW5ltDggxrEboZK3YSwHxZc9yxLCafGKc5KE7xbnWeqLLzp1hHRoc6+liRmo60iv0Oj8W9Gx0FZNsyVKjMHBtmsI1xzP8siHTeZ9/lu51TaPyQ/T7uZELFgolaXBMZ4hw6MwloEJvUTfHi75hEX2jKiMekUi5ueo8Pjobq/jpp+dM494kgD+MqIwlcyjGek0LwcDUmeB9em8ybHv51P1TbpUgvEsj6XVqJXaKt4apq69DQ9VyIEj6xOnAje9ztsYmXgHLFRYeBOIloTmIFbOIO3+DfijnVusiyxmx+zGP7L9ApXNKWLPkLH6fbln8UJcxw0zzc5H65JOFr4BOO7zWlP2tNHADB85NAq0zPz7CNV9zIweX3mCAq2eMKPUtF+H/PkvI/WSa48PozbxMf8l5+ThjXUhg18SYbGp3YcLaHC/BvlmIUeZbmDwjdcCCmcKuQw+TO30iFCZXz5TY2uyXq0n6TEmDoKmEZrDSpqqgLyb0yexBodWaXxeClCQDXfocJ2JW+8SZy2JPMBhlD0EVaSmS4I61BGhqhH1xKR9IurT4C0Yuorp1MJp6O3LiREy6Tt0AtyA3GGKSWF0mH4HSCEy3KB+ukFy0EmM0bJ/g/BCEtxT/fxJWB8gNZHA1+x6F8zyWgXZc9iXUFapWM+mATAqTt8q298BeVx9G9S5jhDb2yqlGaMamKKRCJwz6KLc0GD7J9xhxHbeyKkhk14mT9NBNG2ngq5/8hbcB5TSnkWXiamlaKMc3DTX+2eb12qOu0NYXxBsXqXZR3wfYVHWrdvh7EPYU7CuEagnMhdGycOaJKtKcMfmjVNaS/fiI9TTeGexm3+xBRqR3bONYpHqd38a3CXHB0gOixoT8mqeNQgiGiehpHrTDD90GlLsZEPs7PJzqHChQU83yAGKcldt172v+h4anfacUe8c3qoYuCc9rDV5BEyy0M/MC9qBuQVhZr5Rbskh71dCz27ZsBZ9PpO4JaB4mlEeaxh3v1/p1xhvFopPi8wqo20xzApuKaOY10hMdyiE0pDxJLLXLHXy/BG1ZKLM3FHRzsqW8L8V6Psks1XjoB2pFk06/nV9ztZazmCR5prPDAsdS57xVFg49wRirbHAfiY9/5/U1WFrMaSsqT/C1cgpBOw+yha8ZNpfK6WEFAj8Es0fHceuLvYmm163YRIYJOpS7rI7P9u6d/ua366mJOBgnDOijWRD/o99yVmB+DBiRe7S2JYJ2faY3hGIVz3klleurtj3mZxYZTEVBmew1DTkC5RLZqBpYYkLDmKuLNGtydVlm57hQXhY+0C/B1kews+mZQKSb0Dh3Q1XzUkXv32nljekzzxziTEltLaQ3CzJw+TkexoKIWpLRGhkjVj2O4i0iMoWXE+ybwgmjBGl/1r1x7BHpKRjKGneWUNIfyntL2F+S6ewraSNY8pO6JMurCVWX/+xYUuCSr78pRsa0j/sH3BEyDA9aT6qpo3znwZmh2KFMHZzsH3ZdNlqxRfY4NzcQeBe3iAaSyl/hzjaHUO8P8S18tWPjZvDtfq+V225XJ1JbSbr1Z+AtDe85WByAh2wgfazmsb8HAg5zyD70cJqVSPWoxbgeIXr0L66Me1/dElyGFD889Z6Gp15koYonJEfw2UahpGL8nofi2jzN8lb1rzkbHcWWD4L2MDa4BL+2EF5NXKJwJ/5Vm+BzcR/adm6ZXkW2i0j4MxQDqeb8qBElzNvolWktQLRfeR9njAFxPsw7n4VnvoEuBQrziqAArAeB09YMjLwlx6Q9dCxsL1XZHqzcbi3zEd+hcquDKyGogxHRHn5e4siHC9p4sVxKl3M1mf/6ob+eNnfddgTrAGbkw/cj+hJL5I8jvkKhCpjOW3jpnAlzuk7jRJg3Z6koIiHN2Vt/KW8AhFGLDH1Yd0c+i31h6ZEgsmWx5yvHolmGjgTUpvnV/SoEC4VtfTiLAuOHiMzpWqcGbrFBwCf8F1mr3XNE5+1K36XOGMVzdJ4RBmSPEZfmhwbXC0mnp4lEQCn3Mnhf1195jAV+FH4tgdMxfhyOBTkVGfQuhuoaiwoR5eFNBpZ8BtO50HLPsyC9uhzBT1X/oW9rAyRLWyWfwpIDXsXVUOZHFDsJL+u5cXH8+iDHeexNefBYbCUpexZTfeIyoql0pF68DaUKsWPIn5iAuUg1UVYWnx5H8XZmy4TSywMjS7NdNCUqwum9i1ssM+/9PXrWATy5YqAELZdLdVu+wqrgaeYLeKRijx2KSpD1pMLw3/E0r8f3EQdiyt2bTmiDawAtTLRTKLXgqJYFB8bayx0NMtO9K8zwxdCNtXaitzv0L50lPk1C01KVVb5gMGmedQKI32hNFPAHEuLNrSGJD3Tw8HwZaO8SKFQg/tPuh21uDabD1XjMSqZmznuTRCvPvlGjDuHMxxGpIG9bhFtBHDlTN34cBK7NMR6jT4xwb0vmnPFL2gcMSN/c0NMtLGQ6z1XgulnEWxb8nVlNfWEmzqe7+TAN5kZq+VrAiVpmOJB+3k10aFV7DtDRP17gyvdsMJho0y8kumO1jpmUABCqjBVi4KXpU9iI7nW9oFcWXbY+xIA9WGQCxMQp9R7DN3uuqdQx8PAlKL1NTdO6dXU/dETB8LMMsKILGIhMQb1GD7TFAYFViCkNWXeh0xbjfGT+WaYoYQ9qpjphJUBUKRbVEAvGvMcFEtlAMQIII1rUTM8jb6bkMkI6GKjoxbNQcVauZbHVu6PDfj0NjaWk6NEZxoJwLP/K4QfLIv71FJ+alNihoTFB1LQXcxRoi1mdgI0vERN8H15Tm0v20Lkahig72ISFf+0hBE5kRFyYeIz+zfw+103PEbFpDMskEktntXomSqecDrwLKisQ45ZEy/0tkg3MpP8RQZ6dxa/kldlNDjeQbJdlrVgdX1xhA/ap5RPBeZWTbdYbx8I2fGXe/Io3ExHpSq5w09K/vHKBoZ8lAQ0a56stGhP2xhjbdIvIqzQPqVJxEBKhq2Spi+oyvwxwAgGKkYX9mOSeTIHuEwPNrkiPCqm5vVi5xGYlTZff2YBTOYlovVv9kwhIeuA1D7g36RFKk+vK+yVN7mZtHTYlc6UXlMw0VsFmFVH/bdszcguaFabV0crzLuVFhQGK9DCKR1LYMVO9HjfZyGOsf/CwZhtJYWyCvjoTfOStKYTmk+kBhwmH54L7ssaBZSszFvYIt35LLEbzRUt5QLrJFqBDPRIdxKLkCsHo8+lw59t2IlRPDcdDnthMS+v/LbYuhcqgOafXNcxenobUJEIOW42WM27ni5Zvm5PDDqs3+IY1geN8SHzqj7XDDnmYNppfO2Uag90CNGq5TU/9LC7iVvN/ZXEJGH1K8hiut7J6eMVvJuGBelbTb9hvEfYnIlYWmGlU3XVHd6zOZfwd5EmbcboBXaiTly/lzU1Qt/pPNaqKqiHmxvoRIhTsImf0jAuLsq9FjYZGxdrue4M+Lh8ZQoYY5ogYB7osQs+O7a4IAeC3dWkW3ytJidOT/lD0eW6YKRawDA2bu+nznssVJI6wvK28U4MRZEKkgrRyeylZ4ZATSj5AmZddBnXpSoli2hhMf4/wvs4wBPNqlQcLyyHdOlyZ2BeudEzG0+SK21sCmUkX1+ckZbD4gm00rAQ+CtSgc1Z3vBbv3jloJDfei6sV7K2ppnPtSovc8QmqbVrMYP/OsuGqI/enjvHQZnMrwKKTS+6GOBemtVLPC1YR/xIln0/NswdpYpN80wxWdkiJ7ZXEqkjuqiqaSZ4DS4V1SIZT5iA3CAYjeihx7vXjQyQcJM/MBwerJpNnN0dUzJsYiwEoK+vTYLWl3WLSmITOgcc8RxM5B4clo93Zu3q+4TIQ4NQxzNUvv55XDDGGYVv91v+Vm6Zm0P4SOm7n+yvww1S0Orm0sMHVx5nFUhd2+FWm1M0KLFtNaYfoJPFvySVdUP+oGLt0vGpJEdQyc3Tc133EpbFuXD7Ui0G9n0eXZVPx23HFZQOjwp5b74mpFdWL4C8fUb+/DgkyJ53H7SjUMCr2lIlrWoHRyi2EtpOEedmsEnNVD1ieZCrp43vO49OTW9I5J2dt1BZnV1jMiGjzZpcN99C4iQXXDVUvzWSosGyR9Ze2c9zFZMMJc1/u3jlEqNeJJeRu2E2uqDoynLB+TAzqlG6xDupG6+/Uu1W4XYTGhkzKGSYsUkvCPEg8mHM/VDRqlp05ftUBqCTjUVtpzZwBp9OBitI1XChK1R8UnxGvv5HJ6vLaMNcQuM9ZRm1Nxw5D/4m0FSD/Vtoknfhfyxyqgxa9jjfXwk1UCkYmbLtliMeq865Iz8aSpRIbTo7YyfDNQ2bhThdvAxDZEFyR5AZHtFF9qkd3YtQ5cfCSECsKSQfUBxjMAI43+BfmlRYsEWEYyDdEBanderSsh1tY8idtsmpLO72/A1fkIPorPg497kfR32hgQCtRNfer4ngtt2FqESDb6L4M+ymbn/HUjfMkR6xhbA+D5nJ5CjfKgxbJIdmyXA8e5juFXbLPQhaJ6IcP0dbUbt6adBGr+1Bac9rZrsG+ah3Bh2dXhPvAouvrPtYIVnPWTTSNSKB8vawoYjL97zSVfDgZtCQx3bAW693P5Z75iPhFLj2yoJe4VT52utz+UxmU1TGNDqBrNv5LAMR+MaiblfivoEuHT7OG5hwkWHtx09aeMoVQi2q7IwYx4lE6Hb0Uu93zk/zv/BM+LZ+9Ik3+bdpyd2uKqvILvRaq0BnCACOBgp27pUtHHR/R2dJb+8JMvjRYbgWjcDgquDwDawX6wSZ+/dHZtvDJkHBnNS/Cz6HRBxchggBtSIVLguS1v6Cga90Styppevn1UI35VixMBoGwKpq5Yee9aqCvPXXYAfJzbgYRqjqQdv+rrItu0yO4v0kkKQBendvbw2mF+gdUdUdxnz7wKAvwi8tHNnPH7X6+P5MT3g5hC7vm4hhH1UKHfMZBbWL8phFnmcjguDXK9IYfKZDmmaJCB6lHaQPyXGu6ySNJmlqnAvC0xbqQWO89FX2tzN3QTPQz9f/lUpYTru3BUBSXyqvI0N3rDOPPA71tNXquKU17Uc2MnfntNKMj2ahJrJXH9PlK9yYPCY0pUgbjJsvSdyzwYobA8ayIM8N8HFiafvT82KrkzFbrKdBnIfe5tyV9ejWHXmnlK2WsbKNxCpXynIgp1Ew9sigNu3S592NW/mo2GIRTyBxugTfWx61rqfWr0sTOUyN0UfEhJYGPtdH0nkkzkvm/vQsQMov9AVCEYbNf/YCpTHwODv3xlaSeNA3WTOd0ztQGFL6D194FLI62G3uoMLDjW3Q9EEwRolsa0znggR6AJ4mJkIr9Fga2TEDEQwKaRCHELGoG1rqIpYeWUgEcxSH06Cwer0r0k1r3rOv+OjTYPRyB6UTMvZdjxaOk0ZAF5MXsK0eRbd8dEFH9K7TuAfuEY/nX+LplXAoL/26Xtha8dwFt3sl+gu+SQKg6Y1C77kHlp+FbatEYZnQvMBm8Uhr/zkPdjZCgBJnlRO2TfgcpPz/4tjcqJeo7eKuW7g2SuUP8xg7HX9+j4fxgF8/vdHXzflTRZPPhYT57g9NP2aAuJzG3BlkNeoON4Wrca5k93UGISgeOn0PMcOSa/k9+C9tLC7T6kdDAswWY9MYO9DBmQdOik3mQLtT7NbUGkeEC4dvcMAl92/3xyop/ps8U+bg7ji2KIvB71FMOfNMkiFslNPEpOgIzvveEi8X4WOWaxJt2CON14GNC+rs/eWL0NzUVUkJHi0xU4hGPzeC5AqnRva1lJXuTwOU5c/zgI4keEKWWHOxgLwPsrxQHu5YliX7wj9eG5j3h/KQtNqs8nFXtlxcEIto6x3KAqBfMYt6ORjikcmrXEd8DDPleM7IbhoupPaWxuAU7uVlOUv+YJMULxMHxr/h93paUBFuSL/3v1aeW+Idft1mR+3YriMd1YU1KKIVOlWZ4ZzjtDtFrlEwDyctaaQstXpdbkTIgwRRX+D/v7tEwg8dV8Np/ExBA2S9PEog6DfdE6dYlq+cDLoS6DrXBqgPVVh4dzhzSA6v2Yl/Pr6uke1Dv0tYkS5n5vsnyTprQF27oyKo77kA3TMm5aGQqCQKuXsDSP6X1SjPFxELx/0RgLZaEH3i4EGyZHQZRIr0/LRjY8/n8M1p730hbFMjdisdUOKICifsgqfOCYuK9JpQiRiAtcOIcfm/KiMRHrU71R/nAXN610yWnwxp63cGRB2k7dk5NMO8P9oowmyjHm2fPF8W4KpPmM/ws0MbCuowdV5lhm5k15upXCoIEefGAGskxjMvaWxZfpZO81dOHKAzjyfOpaJG9xwaZDrOOoWj5oTU28zP3C9uHp9R2mvKq/jd1dsR23p/loYxt3aD X-IPAS-Result: A2CpAADXm+Bb/wHyM5BlHAEBAQQBAQcEAQGBVAQBAQsBggSBZRYSjG2LOYINkjaFC4FaGRgTAYgTIjcKDQEDAQEBAQEBAgFsKII2JIJhAwMBAiQTFCAOAwkBAR8hCAgDAS0VEQcHCwUYBIMAggKrSDOKIIdOhCiBWD+IbgESAYV6Ao83M49IBwKCFASObgsYkGAslxqBWSJkcU0jUIJskHpOgQUBAYpQgj4BAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 05 Nov 2018 19:38:32 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wA5JcV9B029235; Mon, 5 Nov 2018 14:38:31 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id wA5J58H9032796 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Mon, 5 Nov 2018 14:05:08 -0500 Received: from goalie.tycho.ncsc.mil (goalie.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wA5J58wv024103 for <selinux@tycho.nsa.gov>; Mon, 5 Nov 2018 14:05:08 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1A5AAANlOBbfSNjr8ZlHQEBBQEHBQGBUQgBCwGDaRYSjA6MGIINkjaEd4F6DYRsAoNRIjQNDQEDAQEBAQEBAhQBARY6hWoDAydiIDFXBxKDIYICqzwziiCHToQogVg/jnwCj2qPSAcCghQEjm4LGJBgLJcagUM3gVZNI4M8kHoeMI4VAQE X-IPAS-Result: A1A5AAANlOBbfSNjr8ZlHQEBBQEHBQGBUQgBCwGDaRYSjA6MGIINkjaEd4F6DYRsAoNRIjQNDQEDAQEBAQEBAhQBARY6hWoDAydiIDFXBxKDIYICqzwziiCHToQogVg/jnwCj2qPSAcCghQEjm4LGJBgLJcagUM3gVZNI4M8kHoeMI4VAQE X-IronPort-AV: E=Sophos;i="5.54,468,1534824000"; d="scan'208";a="407575" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 05 Nov 2018 14:05:08 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0E4AAAhk+BbfSNjr8ZlHQEBBQEHBQGBUQgBCwGDaRYSjA6MGIINkjaEd4F6DYRsAoNSIjQNDQEDAQEBAQEBAgEBAhABARY6L4I2IoJkAwMnYiAxVwcSgyGCAqs0M4ogh06EKIFYP458Ao9qj0gHAoIUBI5uCxiQYCyXGoFDN4FXTSODPJB6HjCOFQEB X-IPAS-Result: A0E4AAAhk+BbfSNjr8ZlHQEBBQEHBQGBUQgBCwGDaRYSjA6MGIINkjaEd4F6DYRsAoNSIjQNDQEDAQEBAQEBAgEBAhABARY6L4I2IoJkAwMnYiAxVwcSgyGCAqs0M4ogh06EKIFYP458Ao9qj0gHAoIUBI5uCxiQYCyXGoFDN4FXTSODPJB6HjCOFQEB X-IronPort-AV: E=Sophos;i="5.54,468,1534809600"; d="scan'208";a="7677511" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2018 19:05:07 +0000 Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga002-icc.fm.intel.com with ESMTP; 05 Nov 2018 11:05:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,468,1534834800"; d="scan'208";a="271567370" Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.103.117]) by orsmga005.jf.intel.com with ESMTP; 05 Nov 2018 11:05:06 -0800 From: Casey Schaufler <casey.schaufler@intel.com> To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Mon, 5 Nov 2018 11:05:03 -0800 Message-Id: <20181105190504.500-5-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20181105190504.500-1-casey.schaufler@intel.com> References: <20181105190504.500-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Mon, 05 Nov 2018 14:36:17 -0500 Subject: [PATCH v6 4/5] Capability: Complete PTRACE_MODE_SCHED X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
Series |
LSM: Support ptrace sidechannel access checks
|
expand
|
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 99cfddde6a55..0b6a9df51c3b 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -331,8 +331,6 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) !ptrace_has_cap(mm->user_ns, mode))) return -EPERM; - if (mode & PTRACE_MODE_SCHED) - return 0; return security_ptrace_access_check(task, mode); } diff --git a/security/commoncap.c b/security/commoncap.c index 2e489d6a3ac8..70a7e3d19c16 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -152,7 +152,8 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) if (cred->user_ns == child_cred->user_ns && cap_issubset(child_cred->cap_permitted, *caller_caps)) goto out; - if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) + if (!(mode & PTRACE_MODE_SCHED) && + ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) goto out; ret = -EPERM; out: