Skip to main content

Browse the archive

https://github.com/torvalds/linux
23 October 2021, 00:29:24 UTC
Revision a5a6579db33af91f4f5134e14be758dc71c1b694 authored by Jeff Vander Stoep on 12 March 2015, 23:26:17 UTC, committed by Linus Torvalds on 13 March 2015, 01:46:08 UTC 
mm: reorder can_do_mlock to fix audit denial
 
A userspace call to mmap(MAP_LOCKED) may result in the successful locking
of memory while also producing a confusing audit log denial.  can_do_mlock
checks capable and rlimit.  If either of these return positive
can_do_mlock returns true.  The capable check leads to an LSM hook used by
apparmour and selinux which produce the audit denial.  Reordering so
rlimit is checked first eliminates the denial on success, only recording a
denial when the lock is unsuccessful as a result of the denial.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Paul Cassella <cassella@cray.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent d3733e5
History
Tip revision: a5a6579db33af91f4f5134e14be758dc71c1b694 authored by Jeff Vander Stoep on 12 March 2015, 23:26:17 UTC
mm: reorder can_do_mlock to fix audit denial
Tip revision: a5a6579
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.gitignore -rw-r--r-- 1.2 KB
.mailmap -rw-r--r-- 4.9 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 94.0 KB
Kbuild -rw-r--r-- 2.1 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 298.2 KB
Makefile -rw-r--r-- 53.3 KB
README -rw-r--r-- 18.3 KB
REPORTING-BUGS -rw-r--r-- 7.3 KB

README

back to top