diff options
author | Etienne Basset <etienne.basset@numericable.fr> | 2009-03-27 17:11:01 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-03-28 15:01:37 +1100 |
commit | 4303154e86597885bc3cbc178a48ccbc8213875f (patch) | |
tree | 11989bcc2ec5d9cd5a1b7952f169ec5cbd8abb8e /security/smack/smack_access.c | |
parent | 07feee8f812f7327a46186f7604df312c8c81962 (diff) |
smack: Add a new '-CIPSO' option to the network address label configuration
This patch adds a new special option '-CIPSO' to the Smack subsystem. When used
in the netlabel list, it means "use CIPSO networking". A use case is when your
local network speaks CIPSO and you want also to connect to the unlabeled
Internet. This patch also add some documentation describing that. The patch
also corrects an oops when setting a '' SMACK64 xattr to a file.
Signed-off-by: Etienne Basset <etienne.basset@numericable.fr>
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r-- | security/smack/smack_access.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 58564195bb09..ac0a2707f6d4 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -261,6 +261,9 @@ char *smk_import(const char *string, int len) { struct smack_known *skp; + /* labels cannot begin with a '-' */ + if (string[0] == '-') + return NULL; skp = smk_import_entry(string, len); if (skp == NULL) return NULL; |