• Paul Moore's avatar
    selinux: remove the SELinux lockdown implementation · f5d0e5e9
    Paul Moore authored
    NOTE: This patch intentionally omits any "Fixes:" metadata or stable
    tagging since it removes a SELinux access control check; while
    removing the control point is the right thing to do moving forward,
    removing it in stable kernels could be seen as a regression.
    
    The original SELinux lockdown implementation in 59438b46
    ("security,lockdown,selinux: implement SELinux lockdown") used the
    current task's credentials as both the subject and object in the
    SELinux lockdown hook, selinux_lockdown().  Unfortunately that
    proved to be incorrect in a number of cases as the core kernel was
    calling the LSM lockdown hook in places where the credentials from
    the "current" task_struct were not the correct credentials to use
    in the SELinux access check.
    
    Attempts were made to resolve this by adding a credential pointer
    to the LSM lockdown hook as well as suggesting that the single hook
    be split into two: one for user tasks, one for kernel tasks; however
    neither approach was deemed acceptable by Linus.  Faced with the
    prospect of either changing the subj/obj in the access check to a
    constant context (likely the kernel's label) or removing the SELinux
    lockdown check entirely, the SELinux community decided that removing
    the lockdown check was preferable.
    
    The supporting changes to the general LSM layer are left intact, this
    patch only removes the SELinux implementation.
    Acked-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    f5d0e5e9
classmap.h 8.23 KB