linux_dsm_epyc7002/security/selinux
Al Viro 4259fa01a2 [PATCH] get rid of AVC_PATH postponed treatment
Selinux folks had been complaining about the lack of AVC_PATH
records when audit is disabled.  I must admit my stupidity - I assumed
that avc_audit() really couldn't use audit_log_d_path() because of
deadlocks (== could be called with dcache_lock or vfsmount_lock held).
Shouldn't have made that assumption - it never gets called that way.
It _is_ called under spinlocks, but not those.

        Since audit_log_d_path() uses ab->gfp_mask for allocations,
kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
record.  It's trivial to do.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: James Morris <jmorris@namei.org>
2007-07-22 09:57:02 -04:00
..
include security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
ss mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
avc.c [PATCH] get rid of AVC_PATH postponed treatment 2007-07-22 09:57:02 -04:00
exports.c [PATCH] selinux: rename selinux_ctxid_to_string 2006-09-26 08:48:52 -07:00
hooks.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
Kconfig Fix trivial typos in Kconfig* files 2007-05-09 07:12:20 +02:00
Makefile SELinux: extract the NetLabel SELinux support from the security server 2007-04-26 01:35:48 -04:00
netif.c [PATCH] SELinux: convert to kzalloc 2005-10-30 17:37:11 -08:00
netlabel.c SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel 2007-07-19 10:21:13 -04:00
netlink.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
nlmsgtab.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
selinuxfs.c selinux: add selinuxfs structure for object class discovery 2007-07-11 22:52:20 -04:00
xfrm.c SELinux: peer secid consolidation for external network labeling 2006-12-02 21:24:14 -08:00