1 files changed, 8 insertions, 2 deletions

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 80f4b4a45725..160aa08e3cd5 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -139,7 +139,7 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION;
  * SMK_LOADLEN: Smack rule length
  */
 #define SMK_OACCESS     "rwxa"
-#define SMK_ACCESS      "rwxat"
+#define SMK_ACCESS      "rwxatl"
 #define SMK_OACCESSLEN  (sizeof(SMK_OACCESS) - 1)
 #define SMK_ACCESSLEN   (sizeof(SMK_ACCESS) - 1)
 #define SMK_OLOADLEN    (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
@@ -282,6 +282,10 @@ static int smk_perm_from_str(const char *string)
                 case 'T':
                         perm |= MAY_TRANSMUTE;
                         break;
+                case 'l':
+                case 'L':
+                        perm |= MAY_LOCK;
+                        break;
                 default:
                         return perm;
                 }
@@ -452,7 +456,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
                 /*
                  * Minor hack for backward compatibility
                  */
-                if (count != SMK_OLOADLEN && count != SMK_LOADLEN)
+                if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
                         return -EINVAL;
         } else {
                 if (count >= PAGE_SIZE) {
@@ -592,6 +596,8 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
                 seq_putc(s, 'a');
         if (srp->smk_access & MAY_TRANSMUTE)
                 seq_putc(s, 't');
+        if (srp->smk_access & MAY_LOCK)
+                seq_putc(s, 'l');
 
         seq_putc(s, '\n');
 }