authorEric W. Biederman <ebiederm@xmission.com>2009-11-20 12:12:22 -0500
committerEric W. Biederman <ebiederm@xmission.com>2009-11-20 12:23:22 -0500
commita4054b6b20e9c2cca63715a319759bf8d37d82fc (patch)
treec7d17dda2b79fbc4faacd88514b01f49c3c05169
parent6d4561110a3e9fa742aeec6717248a491dfb1878 (diff)
security/tomoyo: Add a special case to handle accesses through the internal proc mount.
With the change of sys_sysctl going through the internal proc mount we no longer need to handle security_sysctl in tomoyo as we have valid pathnames for all sysctl accesses. There is one slight caveat to that in that all of the paths from the internal mount look like "/sys/net/ipv4/ip_local_port_range" instead of "/proc/sys/net/ipv4/ip_local_port_range" so tomoyo needs to add the "/proc" portion manually when resolving to full path names to get what it expects. This change teaches tomoyo to perform that modification. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r--security/tomoyo/realpath.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 5f2e33263371..0b55faab3b32 100644
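--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -108,6 +108,15 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
 spin_unlock(&dcache_lock);
 path_put(&root);
 path_put(&ns_root);
+/* Prepend "/proc" prefix if using internal proc vfs mount. */
+if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) &&
+(strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) {
+sp -= 5;
+if (sp >= newname)
+memcpy(sp, "/proc", 5);
+else
+sp = ERR_PTR(-ENOMEM);
+}
 }
 if (IS_ERR(sp))
 error = PTR_ERR(sp);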
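Review bot: `sp -= 5` is applied before the bounds test in the added block, so when fewer than five bytes remain in front of the name the code has already formed a pointer below `newname`, and the `sp >= newname` comparison meant to catch this relies on out-of-range pointer arithmetic that C leaves undefined. Checking the headroom first avoids that: `if (sp - newname < 5) sp = ERR_PTR(-ENOMEM); else { sp -= 5; memcpy(sp, "/proc", 5); }`. Separately, the internal mount is recognised by `mnt_parent == mnt` plus the filesystem type name `"proc"`; because TOMOYO matches policy on the resulting pathname, the comment should state why no other self-parented proc mount can reach this branch, or which name is intended for one if it can. The body of tomoyo_realpath_from_path2 begins and ends outside the hunk, so how `sp` and `newname` are set up is not visible here.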