linux/security/selinux
David Howells e0e817392b CRED: Add some configurable debugging [try #6]
Add a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking
for credential management.  The additional code keeps track of the number of
pointers from task_structs to any given cred struct, and checks to see that
this number never exceeds the usage count of the cred struct (which includes
all references, not just those from task_structs).

Furthermore, if SELinux is enabled, the code also checks that the security
pointer in the cred struct is never seen to be invalid.

This attempts to catch the bug whereby inode_has_perm() faults in an nfsd
kernel thread on seeing cred->security be a NULL pointer (it appears that the
credential struct has been previously released):

	http://www.kerneloops.org/oops.php?number=252883

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-02 21:29:01 +10:00
..
include selinux: Support for the new TUN LSM hooks 2009-09-01 08:29:52 +10:00
ss Merge branch 'master' into next 2009-06-19 08:20:55 +10:00
avc.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00
exports.c CRED: Wrap current->cred and a few other accessors 2008-11-14 10:39:18 +11:00
hooks.c CRED: Add some configurable debugging [try #6] 2009-09-02 21:29:01 +10:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile
netif.c
netlabel.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00
netlink.c
netnode.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
netport.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
nlmsgtab.c SELinux: define audit permissions for audit tree netlink messages 2009-06-03 07:44:53 +10:00
selinuxfs.c selinux: remove obsolete read buffer limit from sel_read_bool 2009-05-19 23:56:11 +10:00
xfrm.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00