aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorDavid Quigley <dpquigl@tycho.nsa.gov>2006-06-30 01:55:47 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-30 11:25:37 -0700
commit8f95dc58d0505516f5cc212a966aea2f2cdb5e44 (patch)
tree2a57ad36db88621ee079fffe34b1cf9bff62b1f4 /kernel
parentf9008e4c5c525941967b67777945aa6266ab6326 (diff)
downloadkernel_goldelico_gta04-8f95dc58d0505516f5cc212a966aea2f2cdb5e44.zip
kernel_goldelico_gta04-8f95dc58d0505516f5cc212a966aea2f2cdb5e44.tar.gz
kernel_goldelico_gta04-8f95dc58d0505516f5cc212a966aea2f2cdb5e44.tar.bz2
[PATCH] SELinux: add security hook call to kill_proc_info_as_uid
This patch adds a call to the extended security_task_kill hook introduced by the prior patch to the kill_proc_info_as_uid function so that these signals can be properly mediated by security modules. It also updates the existing hook call in check_kill_permission. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/signal.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 52adf53..477d11a 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -584,7 +584,7 @@ static int check_kill_permission(int sig, struct siginfo *info,
&& !capable(CAP_KILL))
return error;
- error = security_task_kill(t, info, sig);
+ error = security_task_kill(t, info, sig, 0);
if (!error)
audit_signal_info(sig, t); /* Let audit system see the signal */
return error;
@@ -1107,7 +1107,7 @@ kill_proc_info(int sig, struct siginfo *info, pid_t pid)
/* like kill_proc_info(), but doesn't use uid/euid of "current" */
int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid,
- uid_t uid, uid_t euid)
+ uid_t uid, uid_t euid, u32 secid)
{
int ret = -EINVAL;
struct task_struct *p;
@@ -1127,6 +1127,9 @@ int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid,
ret = -EPERM;
goto out_unlock;
}
+ ret = security_task_kill(p, info, sig, secid);
+ if (ret)
+ goto out_unlock;
if (sig && p->sighand) {
unsigned long flags;
spin_lock_irqsave(&p->sighand->siglock, flags);