diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-10-25 15:52:54 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-11-02 08:55:00 -0600 | 
| commit | 5cd9cd3537d1afca85877103615e61e6c03e7079 (patch) | |
| tree | 0ba41e172281c11897f2ef880543134c242461a5 /src/basic/signal-util.c | |
| parent | 133ddbbeae74fc06173633605b3e612e934bc2dd (diff) | |
execute: apply seccomp filters after changing selinux/aa/smack contexts
Seccomp is generally an unprivileged operation, changing security contexts is
most likely associated with some form of policy. Moreover, while seccomp may
influence our own flow of code quite a bit (much more than the security context
change) make sure to apply the seccomp filters immediately before executing the
binary to invoke.
This also moves enforcement of NNP after the security context change, so that
NNP cannot affect it anymore. (However, the security policy now has to permit
the NNP change).
This change has a good chance of breaking current SELinux/AA/SMACK setups, because
the policy might not expect this change of behaviour. However, it's technically
the better choice I think and should hence be applied.
Fixes: #3993
Diffstat (limited to 'src/basic/signal-util.c')
0 files changed, 0 insertions, 0 deletions
