This patch adds a new security attribute to Smack called

SMACK64EXEC. It defines label that is used while task is running. Exception: in smack_task_wait() child task is checked for write access to parent task using label inherited from the task that forked it. Fixed issues from previous submit: - SMACK64EXEC was not read when SMACK64 was not set. - inode security blob was not updated after setting SMACK64EXEC - inode security blob was not updated when removing SMACK64EXEC
author: Casey Schaufler <casey@schaufler-ca.com> 2010-12-02 09:43:39 -0500
committer: Casey Schaufler <casey@schaufler-ca.com> 2010-12-02 09:43:39 -0500
commit: 676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree: 196b4cb35cf8dfdff0698dc4368cfd00acc7391a /include/linux/xattr.h
parent: 93ae86e759299718c611bc543b9b1633bf32905a (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index f1e5bde4b35a..351c7901d74a 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -40,9 +40,11 @@
 #define XATTR_SMACK_SUFFIX "SMACK64"
 #define XATTR_SMACK_IPIN "SMACK64IPIN"
 #define XATTR_SMACK_IPOUT "SMACK64IPOUT"
+#define XATTR_SMACK_EXEC "SMACK64EXEC"
 #define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
 #define XATTR_NAME_SMACKIPIN    XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
 #define XATTR_NAME_SMACKIPOUT   XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
+#define XATTR_NAME_SMACKEXEC    XATTR_SECURITY_PREFIX XATTR_SMACK_EXEC
 #define XATTR_CAPS_SUFFIX "capability"
 #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
author	Casey Schaufler <casey@schaufler-ca.com>	2010-12-02 09:43:39 -0500
committer	Casey Schaufler <casey@schaufler-ca.com>	2010-12-02 09:43:39 -0500
commit	676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree	196b4cb35cf8dfdff0698dc4368cfd00acc7391a /include/linux/xattr.h
parent	93ae86e759299718c611bc543b9b1633bf32905a (diff)