[v2] selinux: remove the wrong comment about multithreaded process handling

Message ID 20231207013356.20327-1-kamatam@amazon.com (mailing list archive)
State Accepted
Delegated to: Paul Moore

Commit Message

Munehisa Kamata Dec. 7, 2023, 1:33 a.m. UTC
Since commit d9250dea3f89 ("SELinux: add boundary support and thread
context assignment"), SELinux has been supporting assigning per-thread
security context under a constraint and the comment was updated
accordingly. However, seems like commit d84f4f992cbd ("CRED: Inaugurate
COW credentials") accidentally brought the old comment back that doesn't
match what the code does.

Considering the ease of understanding the code, this patch just removes the
wrong comment.

Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
---

v1 -> v2: just remove the comment instead of bringing back the old one as suggested by Paul

 security/selinux/hooks.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Paul Moore Dec. 7, 2023, 5:46 p.m. UTC | #1
On Dec  6, 2023 Munehisa Kamata <kamatam@amazon.com> wrote:
> 
> Since commit d9250dea3f89 ("SELinux: add boundary support and thread
> context assignment"), SELinux has been supporting assigning per-thread
> security context under a constraint and the comment was updated
> accordingly. However, seems like commit d84f4f992cbd ("CRED: Inaugurate
> COW credentials") accidentally brought the old comment back that doesn't
> match what the code does.
> 
> Considering the ease of understanding the code, this patch just removes the
> wrong comment.
> 
> Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
> Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
> ---
> 
> v1 -> v2: just remove the comment instead of bringing back the old one as suggested by Paul
> 
>  security/selinux/hooks.c | 1 -
>  1 file changed, 1 deletion(-)

Merged into selinux/dev, thanks!

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 855589b64641..863ff67e7849 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6459,7 +6459,6 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
>  		if (sid == 0)
>  			goto abort_change;
>  
> -		/* Only allow single threaded processes to change context */
>  		if (!current_is_single_threaded()) {
>  			error = security_bounded_transition(tsec->sid, sid);
>  			if (error)
> -- 
> 2.40.1

--
paul-moore.com

Munehisa Kamata Dec. 8, 2023, 3:36 a.m. UTC | #2
On Thu, 2023-12-07 09:46:54 -0800, Paul Moore wrote:
>
> On Dec  6, 2023 Munehisa Kamata <kamatam@amazon.com> wrote:
> > 
> > Since commit d9250dea3f89 ("SELinux: add boundary support and thread
> > context assignment"), SELinux has been supporting assigning per-thread
> > security context under a constraint and the comment was updated
> > accordingly. However, seems like commit d84f4f992cbd ("CRED: Inaugurate
> > COW credentials") accidentally brought the old comment back that doesn't
> > match what the code does.
> > 
> > Considering the ease of understanding the code, this patch just removes the
> > wrong comment.
> > 
> > Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
> > Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
> > ---
> > 
> > v1 -> v2: just remove the comment instead of bringing back the old one as suggested by Paul
> > 
> >  security/selinux/hooks.c | 1 -
> >  1 file changed, 1 deletion(-)
> 
> Merged into selinux/dev, thanks!

Thank you, too :)

> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 855589b64641..863ff67e7849 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -6459,7 +6459,6 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
> >  		if (sid == 0)
> >  			goto abort_change;
> >  
> > -		/* Only allow single threaded processes to change context */
> >  		if (!current_is_single_threaded()) {
> >  			error = security_bounded_transition(tsec->sid, sid);
> >  			if (error)
> > -- 
> > 2.40.1
> 
> --
> paul-moore.com
>

Patch

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 855589b64641..863ff67e7849 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6459,7 +6459,6 @@  static int selinux_setprocattr(const char *name, void *value, size_t size)
 		if (sid == 0)
 			goto abort_change;
 
-		/* Only allow single threaded processes to change context */
 		if (!current_is_single_threaded()) {
 			error = security_bounded_transition(tsec->sid, sid);
 			if (error)
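
Review bot: with the comment above `if (!current_is_single_threaded())` deleted, the multithreaded branch is left with no explanation, and the condition can still be misread as a single-thread-only gate. Consider a one-line replacement stating that a multithreaded caller may change context only when `security_bounded_transition(tsec->sid, sid)` returns no error, which matches what the commit message calls per-thread context assignment under a constraint. If the bare code is preferred, as the v1 -> v2 note indicates, the changelog becomes the only record of why the check exists, so it is worth keeping the reference to d9250dea3f89 there.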