• Andi Kleen's avatar
    SECURITY: Move exec_permission RCU checks into security modules · 1c990429
    Andi Kleen authored
    Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
    is enabled, even though just the standard capability module is active.
    This is because security_inode_exec_permission unconditionally fails
    RCU walks.
    Move this decision to the low level security module. This requires
    passing the RCU flags down the security hook. This way at least
    the capability module and a few easy cases in selinux/smack work
    with RCU walks with CONFIG_SECURITY=y
    Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
security.c 32.4 KB