aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMichal Schmidt <mschmidt@redhat.com>2009-08-20 14:39:52 -0700
committerJames Morris <jmorris@namei.org>2009-08-24 11:33:40 +1000
commitd8e180dcd5bbbab9cd3ff2e779efcf70692ef541 (patch)
tree0d2f864e4673df4abf994e222616651409a91c0a /security
parentvfs: allow file truncations when both suid and write permissions set (diff)
downloadlinux-dev-d8e180dcd5bbbab9cd3ff2e779efcf70692ef541.tar.xz
linux-dev-d8e180dcd5bbbab9cd3ff2e779efcf70692ef541.zip
bsdacct: switch credentials for writing to the accounting file
When process accounting is enabled, every exiting process writes a log to the account file. In addition, every once in a while one of the exiting processes checks whether there's enough free space for the log. SELinux policy may or may not allow the exiting process to stat the fs. So unsuspecting processes start generating AVC denials just because someone enabled process accounting. For these filesystem operations, the exiting process's credentials should be temporarily switched to that of the process which enabled accounting, because it's really that process which wanted to have the accounting information logged. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions