From 676dac4b1bee0469d6932f698aeb77e8489f5861 Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Thu, 2 Dec 2010 06:43:39 -0800 Subject: This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running. Exception: in smack_task_wait() child task is checked for write access to parent task using label inherited from the task that forked it. Fixed issues from previous submit: - SMACK64EXEC was not read when SMACK64 was not set. - inode security blob was not updated after setting SMACK64EXEC - inode security blob was not updated when removing SMACK64EXEC --- security/smack/smackfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'security/smack/smackfs.c') diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index dc1fd6239f24..01a0be93d8d0 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -121,7 +121,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap) { nap->loginuid = audit_get_loginuid(current); nap->sessionid = audit_get_sessionid(current); - nap->secid = smack_to_secid(current_security()); + nap->secid = smack_to_secid(smk_of_current()); } /* @@ -1160,7 +1160,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { char in[SMK_LABELLEN]; - char *sp = current->cred->security; + char *sp = smk_of_task(current->cred->security); if (!capable(CAP_MAC_ADMIN)) return -EPERM; -- cgit v1.2.1