linux-uconsole/security/selinux/include
Stephen Smalley 6b13ae52ac selinux: avoid silent denials in permissive mode under RCU walk
commit 3a28cff3bd upstream.

commit 0dc1ba24f7 ("SELINUX: Make selinux cache VFS RCU walks safe")
results in no audit messages at all if in permissive mode because the
cache is updated during the rcu walk and thus no denial occurs on
the subsequent ref walk.  Fix this by not updating the cache when
performing a non-blocking permission check.  This only affects search
and symlink read checks during rcu walk.

Fixes: 0dc1ba24f7 ("SELINUX: Make selinux cache VFS RCU walks safe")
Reported-by: BMK <bmktuwien@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-08 07:21:54 +02:00
audit.h
avc.h selinux: avoid silent denials in permissive mode under RCU walk 2019-05-08 07:21:54 +02:00
avc_ss.h selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
classmap.h selinux: use kernel linux/socket.h for genheaders and mdp 2019-05-04 09:20:10 +02:00
conditional.h selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
ibpkey.h selinux: Add a cache for quicker retreival of PKey SIDs 2017-05-23 12:28:12 -04:00
initial_sid_to_string.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.h selinux: make the netif cache namespace aware 2014-09-10 17:09:57 -04:00
netlabel.h selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration 2018-02-26 17:45:32 -05:00
netnode.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
netport.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
objsec.h selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
security.h selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
xfrm.h security: Remove rtnl_lock() in selinux_xfrm_notify_policyload() 2018-03-29 13:47:53 -04:00