WORKAROUND: security: smack: Allow ptracing even processes in onlycap set

Change-Id: I708d19703da0f1b83950454fda1362bec7369b5c
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 5c90b9f..4f4ea64 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -440,6 +440,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
                        rc = 0;
                else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
                        rc = -EACCES;
+               else if (smack_ptrace_rule == SMACK_PTRACE_EXACT)
+                       rc = capable(CAP_SYS_PTRACE) != 0 ? 0 : -EACCES;
                else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
                        rc = 0;
                else