summaryrefslogtreecommitdiff
path: root/virt/kvm
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2014-12-13 04:19:19 +0300
committerCasey Schaufler <casey@schaufler-ca.com>2015-01-21 03:32:17 +0300
commit5e7270a6dd14fa6e3bb10128f200305b4a75f350 (patch)
tree586640992a1e76584e85a73f6651c018dffc8843 /virt/kvm
parent96be7b5424948ae39d29d5149eaec0bd6edd7404 (diff)
downloadlinux-5e7270a6dd14fa6e3bb10128f200305b4a75f350.tar.xz
Smack: Rework file hooks
This is one of those cases where you look at code you did years ago and wonder what you might have been thinking. There are a number of LSM hooks that work off of file pointers, and most of them really want the security data from the inode. Some, however, really want the security context that the process had when the file was opened. The difference went undetected in Smack until it started getting used in a real system with real testing. At that point it was clear that something was amiss. This patch corrects the misuse of the f_security value in several of the hooks. The behavior will not usually be any different, as the process had to be able to open the file in the first place, and the old check almost always succeeded, as will the new, but for different reasons. Thanks to the Samsung Tizen development team that identified this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'virt/kvm')
0 files changed, 0 insertions, 0 deletions