diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2010-12-02 06:43:39 -0800 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2010-12-02 06:43:39 -0800 |
| commit | 676dac4b1bee0469d6932f698aeb77e8489f5861 (patch) | |
| tree | 196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smackfs.c | |
| parent | 93ae86e759299718c611bc543b9b1633bf32905a (diff) | |
This patch adds a new security attribute to Smack called
SMACK64EXEC. It defines label that is used while task is
running.
Exception: in smack_task_wait() child task is checked
for write access to parent task using label inherited
from the task that forked it.
Fixed issues from previous submit:
- SMACK64EXEC was not read when SMACK64 was not set.
- inode security blob was not updated after setting
SMACK64EXEC
- inode security blob was not updated when removing
SMACK64EXEC
Diffstat (limited to 'security/smack/smackfs.c')
| -rw-r--r-- | security/smack/smackfs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index dc1fd6239f24..01a0be93d8d0 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -121,7 +121,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) { nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = smack_to_secid(current_security()); + nap->secid = smack_to_secid(smk_of_current()); } /* @@ -1160,7 +1160,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { char in[SMK_LABELLEN]; - char *sp = current->cred->security; + char *sp = smk_of_task(current->cred->security); if (!capable(CAP_MAC_ADMIN)) return -EPERM; |