SELinux: Don't flush inherited SIGKILL during execve()
Don't flush inherited SIGKILL during execve() in SELinux's post cred commit hook. This isn't really a security problem: if the SIGKILL came before the credentials were changed, then we were right to receive it at the time, and should honour it; if it came after the creds were changed, then we definitely should honour it; and in any case, all that will happen is that the process will be scrapped before it ever returns to userspace. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NOleg Nesterov <oleg@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
Showing
想要评论请 注册 或 登录