do_wait: return security_task_wait() error code in place of -ECHILD
This reverts the effect of commit f2cc3eb1 "do_wait: fix security checks". That change reverted the effect of commit 73243284 . The rationale for the original commit still stands. The inconsistent treatment of children hidden by ptrace was an unintended omission in the original change and in no way invalidates its purpose. This makes do_wait return the error returned by security_task_wait() (usually -EACCES) in place of -ECHILD when there are some children the caller would be able to wait for if not for the permission failure. A permission error will give the user a clue to look for security policy problems, rather than for mysterious wait bugs. Signed-off-by: Roland McGrath <roland@redhat.com>
parent
f470021a
Please register or sign in to comment