Skip to content
Snippets Groups Projects
Commit 0550cfe8 authored by KP Singh's avatar KP Singh Committed by Alexei Starovoitov
Browse files

security: Fix hook iteration for secid_to_secctx 


secid_to_secctx is not stackable, and since the BPF LSM registers this
hook by default, the call_int_hook logic is not suitable which
"bails-on-fail" and casues issues when other LSMs register this hook and
eventually breaks Audit.

In order to fix this, directly iterate over the security hooks instead
of using call_int_hook as suggested in:

https: //lore.kernel.org/bpf/9d0eb6c6-803a-ff3a-5603-9ad6d9edfc00@schaufler-ca.com/#t

Fixes: 98e828a0 ("security: Refactor declaration of LSM hooks")
Fixes: 625236ba ("security: Fix the default value of secid_to_secctx hook")
Reported-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarKP Singh <kpsingh@google.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarJames Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/bpf/20200520125616.193765-1-kpsingh@chromium.org
parent 20a785aa
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 14 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment