authorCasey Schaufler <casey@schaufler-ca.com>2010-12-02 17:43:39 +0300
committerCasey Schaufler <casey@schaufler-ca.com>2010-12-02 17:43:39 +0300
commit676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smack_access.c
parent93ae86e759299718c611bc543b9b1633bf32905a (diff)
This patch adds a new security attribute to Smack called
SMACK64EXEC. It defines the label that is used while a task is running.
Exception: in smack_task_wait() the child task is checked for write access to the parent task using the label inherited from the task that forked it.
Fixed issues from the previous submission:
- SMACK64EXEC was not read when SMACK64 was not set.
- The inode security blob was not updated after setting SMACK64EXEC.
- The inode security blob was not updated when removing SMACK64EXEC.
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r--security/smack/smack_access.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f4fac64c4da8..42becbc1ce33 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -185,7 +185,7 @@ out_audit:
int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
{
int rc;
- char *sp = current_security();
+ char *sp = smk_of_current();
rc = smk_access(sp, obj_label, mode, NULL);
if (rc == 0)
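Review bot: The subject label `sp` now comes from `smk_of_current()` instead of the raw credential blob, and nothing at the declaration says which of the task's labels that is. Per the commit description, the running label can be set by SMACK64EXEC while a separate label inherited from the forking task is kept for smack_task_wait(), so a comment above the declaration such as `/* subject is the label the task runs with (may come from SMACK64EXEC), not the forked label */` would stop later readers from treating the two as interchangeable. `smk_of_current()` is defined outside this hunk; whether it can return NULL before `smk_access()` uses the result cannot be told from here and is worth confirming. The body of smk_curacc continues past the hunk.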
@@ -196,7 +196,7 @@ int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
* only one that gets privilege and current does not
* have that label.
*/
- if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
+ if (smack_onlycap != NULL && smack_onlycap != sp)
goto out_audit;
if (capable(CAP_MAC_OVERRIDE))
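Review bot: The onlycap test `smack_onlycap != sp` now compares against the running label, which per the commit description an executable's SMACK64EXEC attribute can assign, so this privilege gate is only as strong as the control over who may write that attribute. That control lives outside this file and is not visible here; it should be confirmed that setting or removing SMACK64EXEC requires the same privilege as changing SMACK64. The comparison is by pointer, so it also presumes that `smk_of_current()` returns the same canonical label pointer that `smack_onlycap` holds; a comment such as `/* pointer compare: both sides must be canonical label pointers */` would record that assumption. The body of smk_curacc continues past the hunk.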