diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2010-12-02 17:43:39 +0300 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2010-12-02 17:43:39 +0300 |
commit | 676dac4b1bee0469d6932f698aeb77e8489f5861 (patch) | |
tree | 196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smack_access.c | |
parent | 93ae86e759299718c611bc543b9b1633bf32905a (diff) | |
download | linux-676dac4b1bee0469d6932f698aeb77e8489f5861.tar.xz |
This patch adds a new security attribute to Smack called
SMACK64EXEC. It defines label that is used while task is
running.
Exception: in smack_task_wait() child task is checked
for write access to parent task using label inherited
from the task that forked it.
Fixed issues from previous submit:
- SMACK64EXEC was not read when SMACK64 was not set.
- inode security blob was not updated after setting
SMACK64EXEC
- inode security blob was not updated when removing
SMACK64EXEC
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r-- | security/smack/smack_access.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f4fac64c4da8..42becbc1ce33 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -185,7 +185,7 @@ out_audit: int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) { int rc; - char *sp = current_security(); + char *sp = smk_of_current(); rc = smk_access(sp, obj_label, mode, NULL); if (rc == 0) @@ -196,7 +196,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) * only one that gets privilege and current does not * have that label. */ - if (smack_onlycap != NULL && smack_onlycap != current->cred->security) + if (smack_onlycap != NULL && smack_onlycap != sp) goto out_audit; if (capable(CAP_MAC_OVERRIDE)) |