diff options
| author | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2008-10-15 04:31:54 +0400 |
|---|---|---|
| committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2008-10-15 04:31:54 +0400 |
| commit | 6dc6472581f693b5fc95aebedf67b4960fb85cf0 (patch) | |
| tree | 06a5a9a08519950575505273eabced331ed51405 /security/smack/smack_access.c | |
| parent | ee673eaa72d8d185012b1027a05e25aba18c267f (diff) | |
| parent | 8acd3a60bcca17c6d89c73cee3ad6057eb83ba1e (diff) | |
| download | linux-6dc6472581f693b5fc95aebedf67b4960fb85cf0.tar.xz | |
Merge commit 'origin'
Manual fixup of conflicts on:
arch/powerpc/include/asm/dcr-regs.h
drivers/net/ibm_newemac/core.h
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f6b5f6eed6dd..79ff21ed4c3b 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -157,7 +157,7 @@ int smk_access(char *subject_label, char *object_label, int request) * * This function checks the current subject label/object label pair * in the access rule list and returns 0 if the access is permitted, - * non zero otherwise. It allows that current my have the capability + * non zero otherwise. It allows that current may have the capability * to override the rules. */ int smk_curacc(char *obj_label, u32 mode) @@ -168,6 +168,14 @@ int smk_curacc(char *obj_label, u32 mode) if (rc == 0) return 0; + /* + * Return if a specific label has been designated as the + * only one that gets privilege and current does not + * have that label. + */ + if (smack_onlycap != NULL && smack_onlycap != current->security) + return rc; + if (capable(CAP_MAC_OVERRIDE)) return 0; |