diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2014-04-10 19:35:36 -0400 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2014-04-11 17:35:19 -0400 |
| commit | f59bdfba3e2b0ba5182f23d96101d106f18132ca (patch) | |
| tree | 21fe374cf808cdbbc30d068d542ff2ea07849a35 /security/smack | |
| parent | 9598f4c9e7069aee8639be1e04e8af26b5a77fa2 (diff) | |
Smack: Correctly remove SMACK64TRANSMUTE attribute
Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack_lsm.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a5d86ffbf9a0..3d1c9086d0d6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1026,18 +1026,31 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) | |||
| 1026 | } else | 1026 | } else |
| 1027 | rc = cap_inode_removexattr(dentry, name); | 1027 | rc = cap_inode_removexattr(dentry, name); |
| 1028 | 1028 | ||
| 1029 | if (rc != 0) | ||
| 1030 | return rc; | ||
| 1031 | |||
| 1029 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); | 1032 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 1030 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 1033 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 1031 | if (rc == 0) | ||
| 1032 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | ||
| 1033 | 1034 | ||
| 1034 | if (rc == 0) { | 1035 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
| 1035 | isp = dentry->d_inode->i_security; | 1036 | if (rc != 0) |
| 1037 | return rc; | ||
| 1038 | |||
| 1039 | isp = dentry->d_inode->i_security; | ||
| 1040 | /* | ||
| 1041 | * Don't do anything special for these. | ||
| 1042 | * XATTR_NAME_SMACKIPIN | ||
| 1043 | * XATTR_NAME_SMACKIPOUT | ||
| 1044 | * XATTR_NAME_SMACKEXEC | ||
| 1045 | */ | ||
| 1046 | if (strcmp(name, XATTR_NAME_SMACK) == 0) | ||
| 1036 | isp->smk_task = NULL; | 1047 | isp->smk_task = NULL; |
| 1048 | else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) | ||
| 1037 | isp->smk_mmap = NULL; | 1049 | isp->smk_mmap = NULL; |
| 1038 | } | 1050 | else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) |
| 1051 | isp->smk_flags &= ~SMK_INODE_TRANSMUTE; | ||
| 1039 | 1052 | ||
| 1040 | return rc; | 1053 | return 0; |
| 1041 | } | 1054 | } |
| 1042 | 1055 | ||
| 1043 | /** | 1056 | /** |