This patch adds a new security attribute to Smack called

SMACK64EXEC. It defines label that is used while task is
running.

Exception: in smack_task_wait() child task is checked
for write access to parent task using label inherited
from the task that forked it.

Fixed issues from previous submit:
- SMACK64EXEC was not read when SMACK64 was not set.
- inode security blob was not updated after setting
  SMACK64EXEC
- inode security blob was not updated when removing
  SMACK64EXEC

1 files changed, 2 insertions, 2 deletions

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index dc1fd6239f24..01a0be93d8d0 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -121,7 +121,7 @@ static void smk_netlabel_audit_set(struct netlbl_audit *nap)
 {
         nap->loginuid = audit_get_loginuid(current);
         nap->sessionid = audit_get_sessionid(current);
-        nap->secid = smack_to_secid(current_security());
+        nap->secid = smack_to_secid(smk_of_current());
 }
 
 /*
@@ -1160,7 +1160,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
                                  size_t count, loff_t *ppos)
 {
         char in[SMK_LABELLEN];
-        char *sp = current->cred->security;
+        char *sp = smk_of_task(current->cred->security);
 
         if (!capable(CAP_MAC_ADMIN))
                 return -EPERM;