Hi Greg,
after the previous discussion about what kind of patches are acceptable for stable and your hints on how to send them to the ML in https://lore.kernel.org/all/YsrfDfe3urGkepvJ@kroah.com/ I'd like to know if this patch meets the requirements and if it can be considered.
I do have a few more similar ones which I think meet the stable requirements and finally the init-cleanup patch (upstream 3dfc9b02864bt "LSM: Initialize security_hook_heads upon registration.") which I'd like to backport to 4.9. But first I want to know whether I now got the formal requirements right before sending further patches.
Thanks, Alex
On 11.07.22 11:56, Alexander Grund wrote:
From: Stephen Smalley <sds@tycho.nsa.gov>
commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 upstream.
As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook.
<snip>