-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch against 2.6.0 adds a control to the SELinux module over the inheritance of signal-related state upon security context transitions in order to protect the new security context. If the permission is not granted by the policy for a given pair of contexts, then transitions between them will clear itimers, flush all pending signals, forcibly flush signal handlers, and unblock all signals. Roland McGrath provided input and feedback on the patch. Please apply, or let James Morris and me know if you'd like this to be resubmitted later. Thanks.
23644641