summaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_access.c2
-rw-r--r--security/smack/smack_lsm.c12
-rw-r--r--security/smack/smackfs.c6
3 files changed, 12 insertions, 8 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 86453db4333d..9637e107f7ea 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -431,7 +431,7 @@ char *smk_import(const char *string, int len)
* smack_from_secid - find the Smack label associated with a secid
* @secid: an integer that might be associated with a Smack label
*
- * Returns a pointer to the appropraite Smack label if there is one,
+ * Returns a pointer to the appropriate Smack label if there is one,
* otherwise a pointer to the invalid Smack label.
*/
char *smack_from_secid(const u32 secid)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 23c7a6d0c80c..400a5d5cde61 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -686,7 +686,7 @@ static int smack_inode_rename(struct inode *old_inode,
*
* Returns 0 if access is permitted, -EACCES otherwise
*/
-static int smack_inode_permission(struct inode *inode, int mask)
+static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
{
struct smk_audit_info ad;
@@ -696,6 +696,10 @@ static int smack_inode_permission(struct inode *inode, int mask)
*/
if (mask == 0)
return 0;
+
+ /* May be droppable after audit */
+ if (flags & IPERM_FLAG_RCU)
+ return -ECHILD;
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
smk_ad_setfield_u_fs_inode(&ad, inode);
return smk_curacc(smk_of_inode(inode), mask, &ad);
@@ -1794,7 +1798,7 @@ static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
* Casey says that CIPSO is good enough for now.
* It can be used to effect.
* It can also be abused to effect when necessary.
- * Appologies to the TSIG group in general and GW in particular.
+ * Apologies to the TSIG group in general and GW in particular.
*/
static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
{
@@ -2530,7 +2534,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
switch (sbp->s_magic) {
case SMACK_MAGIC:
/*
- * Casey says that it's a little embarassing
+ * Casey says that it's a little embarrassing
* that the smack file system doesn't do
* extended attributes.
*/
@@ -3084,7 +3088,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
/*
* We need to decide if we want to label the incoming connection here
* if we do we only need to label the request_sock and the stack will
- * propogate the wire-label to the sock when it is created.
+ * propagate the wire-label to the sock when it is created.
*/
hdr = ip_hdr(skb);
addr.sin_addr.s_addr = hdr->saddr;
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 90d1bbaaa6f3..f93460156dce 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -208,7 +208,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
if (*ppos != 0)
return -EINVAL;
/*
- * Minor hack for backward compatability
+ * Minor hack for backward compatibility
*/
if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN)
return -EINVAL;
@@ -223,7 +223,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
}
/*
- * More on the minor hack for backward compatability
+ * More on the minor hack for backward compatibility
*/
if (count == (SMK_OLOADLEN))
data[SMK_OLOADLEN] = '-';
@@ -927,7 +927,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
}
} else {
/* we delete the unlabeled entry, only if the previous label
- * wasnt the special CIPSO option */
+ * wasn't the special CIPSO option */
if (skp->smk_label != smack_cipso_option)
rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
&skp->smk_host.sin_addr, &skp->smk_mask,