Re: SELinux lead to soft lockup when pid 1 proceess reap child

From: Paul Moore
Date: Mon Jan 09 2017 - 18:49:44 EST

Next message: Stephen Boyd: "Re: [PATCH 08/12] PM / OPP: Take kref from _find_opp_table()"
Previous message: Stephen Boyd: "Re: [PATCH 06/12] PM / OPP: Add 'struct kref' to struct dev_pm_opp"
In reply to: Stephen Smalley: "Re: SELinux lead to soft lockup when pid 1 proceess reap child"
Next in thread: Casey Schaufler: "Re: SELinux lead to soft lockup when pid 1 proceess reap child"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 9, 2017 at 1:43 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote:
>> Seriously, could someone explain why do we need the
>> security_task_wait()
>> hook at all?
>
> I would be ok with killing it.
> IIRC, the original motivation was to block an unauthorized data flow
> from child to parent when the child context differs, but part of that
> original design was also to reparent the child automatically, and that
> was never implemented. I don't think there is a real use case for it
> in practice and it just breaks things, so let's get rid of it unless
> someone objects.

Patches are always welcome, plenty of time to get things in for 4.11 :)

--
paul moore
www.paul-moore.com

Next message: Stephen Boyd: "Re: [PATCH 08/12] PM / OPP: Take kref from _find_opp_table()"
Previous message: Stephen Boyd: "Re: [PATCH 06/12] PM / OPP: Add 'struct kref' to struct dev_pm_opp"
In reply to: Stephen Smalley: "Re: SELinux lead to soft lockup when pid 1 proceess reap child"
Next in thread: Casey Schaufler: "Re: SELinux lead to soft lockup when pid 1 proceess reap child"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]