• Eric Paris's avatar
    capabilities: remove the task from capable LSM hook entirely · 6a9de491
    Eric Paris authored
    The capabilities framework is based around credentials, not necessarily the
    current task.  Yet we still passed the current task down into LSMs from the
    security_capable() LSM hook as if it was a meaningful portion of the security
    decision.  This patch removes the 'generic' passing of current and instead
    forces individual LSMs to use current explicitly if they think it is
    appropriate.  In our case those LSMs are SELinux and AppArmor.
    I believe the AppArmor use of current is incorrect, but that is wholely
    unrelated to this patch.  This patch does not change what AppArmor does, it
    just makes it clear in the AppArmor code that it is doing it.
    The SELinux code still uses current in it's audit message, which may also be
    wrong and needs further investigation.  Again this is NOT a change, it may
    have always been wrong, this patch just makes it clear what is happening.
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
security.h 110 KB