diff options
author | Andreas Gruenbacher <agruenba@redhat.com> | 2016-02-18 12:04:08 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-02-19 16:29:19 -0500 |
commit | e817c2f33efb4aa7f02c98dfab9a5f8ff383ea7e (patch) | |
tree | e572b7e4fa493fba5cc7252d4bab26b1c81624dc | |
parent | b197367ed1ba81b0d26f7e7f76f61731ac6e5842 (diff) | |
download | op-kernel-dev-e817c2f33efb4aa7f02c98dfab9a5f8ff383ea7e.zip op-kernel-dev-e817c2f33efb4aa7f02c98dfab9a5f8ff383ea7e.tar.gz |
selinux: Don't sleep inside inode_getsecid hook
The inode_getsecid hook is called from contexts in which sleeping is not
allowed, so we cannot revalidate inode security labels from there. Use
the non-validating version of inode_security() instead.
Reported-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f8110cf..f1ab715 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3249,7 +3249,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t static void selinux_inode_getsecid(struct inode *inode, u32 *secid) { - struct inode_security_struct *isec = inode_security(inode); + struct inode_security_struct *isec = inode_security_novalidate(inode); *secid = isec->sid; } |