mirror of https://gitee.com/openkylin/linux.git
5663884caa
The decision whether we can trace a process is made in the following functions: smack_ptrace_traceme() smack_ptrace_access_check() smack_bprm_set_creds() (in case the proces is traced) This patch unifies all those decisions by introducing one function that checks whether ptrace is allowed: smk_ptrace_rule_check(). This makes possible to actually trace with TRACEME where first the TRACEME itself must be allowed and then exec() on a traced process. Additional bugs fixed: - The decision is made according to the mode parameter that is now correctly translated from PTRACE_MODE_* to MAY_* instead of being treated 1:1. PTRACE_MODE_READ requires MAY_READ. PTRACE_MODE_ATTACH requires MAY_READWRITE. - Add a smack audit log in case of exec() refused by bprm_set_creds(). - Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info in case this flag is set. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> Signed-off-by: Rafal Krypa <r.krypa@samsung.com> |
||
---|---|---|
.. | ||
apparmor | ||
integrity | ||
keys | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
Kconfig | ||
Makefile | ||
capability.c | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
lsm_audit.c | ||
min_addr.c | ||
security.c |