[PATCH] selinux: tracer SID fix

Fix SELinux to not reset the tracer SID when the child is already being traced, since selinux_ptrace is also called by proc for access checking outside of the context of a ptrace attach. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
xiaoqiangnk · Mar 11, 2006 · 341c2d8 · 341c2d8
1 parent 4136cab
commit 341c2d8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -1262,7 +1262,7 @@ static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
 
 	rc = task_has_perm(parent, child, PROCESS__PTRACE);
 	/* Save the SID of the tracing process for later use in apply_creds. */
-	if (!rc)
+	if (!(child->ptrace & PT_PTRACED) && !rc)
 		csec->ptrace_sid = psec->sid;
 	return rc;
 }