WORKAROUND: security: smack: Allow ptracing even processes in onlycap set

author Karol Lewandowski <k.lewandowsk@samsung.com>

Fri, 7 Aug 2020 11:49:30 +0000 (13:49 +0200)

committer Seung-Woo Kim <sw0312.kim@samsung.com>

Mon, 10 Aug 2020 05:00:33 +0000 (05:00 +0000)
author Karol Lewandowski <k.lewandowsk@samsung.com>
Fri, 7 Aug 2020 11:49:30 +0000 (13:49 +0200)
committer Seung-Woo Kim <sw0312.kim@samsung.com>
Mon, 10 Aug 2020 05:00:33 +0000 (05:00 +0000)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c

index 12c0fa8..7c5adf2 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -442,6 +442,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
                         rc = 0;
                 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
                         rc = -EACCES;
+               else if (smack_ptrace_rule == SMACK_PTRACE_EXACT)
+                       rc = capable(CAP_SYS_PTRACE) != 0 ? 0 : -EACCES;
                 else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
                         rc = 0;
                 else
author	Karol Lewandowski <k.lewandowsk@samsung.com>
	Fri, 7 Aug 2020 11:49:30 +0000 (13:49 +0200)
committer	Seung-Woo Kim <sw0312.kim@samsung.com>
	Mon, 10 Aug 2020 05:00:33 +0000 (05:00 +0000)