Merge branch 'master' into for-next

Fast-forwarded to current state of Linus' tree as there are patches to be applied for files that didn't exist on the old branch.
author: Jiri Kosina <jkosina@suse.cz> 2011-04-26 04:22:15 -0400
committer: Jiri Kosina <jkosina@suse.cz> 2011-04-26 04:22:59 -0400
commit: 07f9479a40cc778bc1462ada11f95b01360ae4ff (patch)
tree: 0676cf38df3844004bb3ebfd99dfa67a4a8998f5 /security
parent: 9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf (diff)
parent: cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff)
15 files changed, 163 insertions, 71 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index d21a427a35ae..ae3a698415e6 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -22,6 +22,7 @@
 #include <linux/ctype.h>
 #include <linux/sysctl.h>
 #include <linux/audit.h>
+#include <linux/user_namespace.h>
 #include <net/sock.h>
 #include "include/apparmor.h"
@@ -136,11 +137,11 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
 }
 static int apparmor_capable(struct task_struct *task, const struct cred *cred,
-                            int cap, int audit)
+                            struct user_namespace *ns, int cap, int audit)
 {
        struct aa_profile *profile;
        /* cap_capable returns 0 on success, else -EPERM */
-        int error = cap_capable(task, cred, cap, audit);
+        int error = cap_capable(task, cred, ns, cap, audit);
        if (!error) {
                profile = aa_cred_profile(cred);
                if (!unconfined(profile))
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 5cb4dc1f6992..06d764ccbbe5 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -195,7 +195,7 @@ void aa_dfa_free_kref(struct kref *kref)
 *
 * Unpack a dfa that has been serialized.  To find information on the dfa
 * format look in Documentation/apparmor.txt
- * Assumes the dfa @blob stream has been aligned on a 8 byte boundry
+ * Assumes the dfa @blob stream has been aligned on a 8 byte boundary
 *
 * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
 */
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index eb3700e9fd37..e33aaf7e5744 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -359,7 +359,7 @@ fail:
 * @e: serialized data extent information  (NOT NULL)
 * @profile: profile to add the accept table to (NOT NULL)
 *
- * Returns: 1 if table succesfully unpacked
+ * Returns: 1 if table successfully unpacked
 */
 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
 {
diff --git a/security/capability.c b/security/capability.c
index 2984ea4f776f..bbb51156261b 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry,
        return 0;
 }
-static int cap_inode_permission(struct inode *inode, int mask)
+static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)
 {
        return 0;
 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 49c57fd60aea..f20e984ccfb4 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -27,6 +27,7 @@
 #include <linux/sched.h>
 #include <linux/prctl.h>
 #include <linux/securebits.h>
+#include <linux/user_namespace.h>
 /*
 * If a non-root user executes a setuid-root binary in
@@ -67,6 +68,7 @@ EXPORT_SYMBOL(cap_netlink_recv);
 * cap_capable - Determine whether a task has a particular effective capability
 * @tsk: The task to query
 * @cred: The credentials to use
+ * @ns:  The user namespace in which we need the capability
 * @cap: The capability to check for
 * @audit: Whether to write an audit message or not
 *
@@ -78,10 +80,30 @@ EXPORT_SYMBOL(cap_netlink_recv);
 * cap_has_capability() returns 0 when a task has a capability, but the
 * kernel's capable() and has_capability() returns 1 for this case.
 */
-int cap_capable(struct task_struct *tsk, const struct cred *cred, int cap,
+int cap_capable(struct task_struct *tsk, const struct cred *cred,
-                int audit)
+                struct user_namespace *targ_ns, int cap, int audit)
 {
-        return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
+        for (;;) {
+                /* The creator of the user namespace has all caps. */
+                if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
+                        return 0;
+                /* Do we have the necessary capabilities? */
+                if (targ_ns == cred->user->user_ns)
+                        return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
+                /* Have we tried all of the parent namespaces? */
+                if (targ_ns == &init_user_ns)
+                        return -EPERM;
+                /*
+                 *If you have a capability in a parent user ns, then you have
+                 * it over all children user namespaces as well.
+                 */
+                targ_ns = targ_ns->creator->user_ns;
+        }
+        /* We never get here */
 }
 /**
@@ -105,18 +127,30 @@ int cap_settime(const struct timespec *ts, const struct timezone *tz)
 * @child: The process to be accessed
 * @mode: The mode of attachment.
 *
+ * If we are in the same or an ancestor user_ns and have all the target
+ * task's capabilities, then ptrace access is allowed.
+ * If we have the ptrace capability to the target user_ns, then ptrace
+ * access is allowed.
+ * Else denied.
+ *
 * Determine whether a process may access another, returning 0 if permission
 * granted, -ve if denied.
 */
 int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
        int ret = 0;
+        const struct cred *cred, *child_cred;
        rcu_read_lock();
-        if (!cap_issubset(__task_cred(child)->cap_permitted,
+        cred = current_cred();
-                          current_cred()->cap_permitted) &&
+        child_cred = __task_cred(child);
-            !capable(CAP_SYS_PTRACE))
+        if (cred->user->user_ns == child_cred->user->user_ns &&
-                ret = -EPERM;
+            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
+                goto out;
+        if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
+                goto out;
+        ret = -EPERM;
+out:
        rcu_read_unlock();
        return ret;
 }
@@ -125,18 +159,30 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 * cap_ptrace_traceme - Determine whether another process may trace the current
 * @parent: The task proposed to be the tracer
 *
+ * If parent is in the same or an ancestor user_ns and has all current's
+ * capabilities, then ptrace access is allowed.
+ * If parent has the ptrace capability to current's user_ns, then ptrace
+ * access is allowed.
+ * Else denied.
+ *
 * Determine whether the nominated task is permitted to trace the current
 * process, returning 0 if permission is granted, -ve if denied.
 */
 int cap_ptrace_traceme(struct task_struct *parent)
 {
        int ret = 0;
+        const struct cred *cred, *child_cred;
        rcu_read_lock();
-        if (!cap_issubset(current_cred()->cap_permitted,
+        cred = __task_cred(parent);
-                          __task_cred(parent)->cap_permitted) &&
+        child_cred = current_cred();
-            !has_capability(parent, CAP_SYS_PTRACE))
+        if (cred->user->user_ns == child_cred->user->user_ns &&
-                ret = -EPERM;
+            cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
+                goto out;
+        if (has_ns_capability(parent, child_cred->user->user_ns, CAP_SYS_PTRACE))
+                goto out;
+        ret = -EPERM;
+out:
        rcu_read_unlock();
        return ret;
 }
@@ -176,7 +222,8 @@ static inline int cap_inh_is_capped(void)
        /* they are so limited unless the current task has the CAP_SETPCAP
         * capability
         */
-        if (cap_capable(current, current_cred(), CAP_SETPCAP,
+        if (cap_capable(current, current_cred(),
+                        current_cred()->user->user_ns, CAP_SETPCAP,
                        SECURITY_CAP_AUDIT) == 0)
                return 0;
        return 1;
@@ -828,7 +875,8 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                     & (new->securebits ^ arg2))                        /*[1]*/
                    || ((new->securebits & SECURE_ALL_LOCKS & ~arg2))   /*[2]*/
                    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))   /*[3]*/
-                    || (cap_capable(current, current_cred(), CAP_SETPCAP,
+                    || (cap_capable(current, current_cred(),
+                                    current_cred()->user->user_ns, CAP_SETPCAP,
                                    SECURITY_CAP_AUDIT) != 0)           /*[4]*/
                        /*
                         * [1] no changing of bits that are locked
@@ -893,7 +941,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
 {
        int cap_sys_admin = 0;
-        if (cap_capable(current, current_cred(), CAP_SYS_ADMIN,
+        if (cap_capable(current, current_cred(), &init_user_ns, CAP_SYS_ADMIN,
                        SECURITY_CAP_NOAUDIT) == 0)
                cap_sys_admin = 1;
        return __vm_enough_memory(mm, pages, cap_sys_admin);
@@ -920,7 +968,7 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
        int ret = 0;
        if (addr < dac_mmap_min_addr) {
-                ret = cap_capable(current, current_cred(), CAP_SYS_RAWIO,
+                ret = cap_capable(current, current_cred(), &init_user_ns, CAP_SYS_RAWIO,
                                  SECURITY_CAP_AUDIT);
                /* set PF_SUPERPRIV if it turns out we allow the low mmap */
                if (ret == 0)
diff --git a/security/security.c b/security/security.c
index 9187665a3fdd..4ba6d4cc061f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -154,29 +154,33 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
-int security_capable(const struct cred *cred, int cap)
+int security_capable(struct user_namespace *ns, const struct cred *cred,
+                     int cap)
 {
-        return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
+        return security_ops->capable(current, cred, ns, cap,
+                                     SECURITY_CAP_AUDIT);
 }
-int security_real_capable(struct task_struct *tsk, int cap)
+int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
+                          int cap)
 {
        const struct cred *cred;
        int ret;
        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
+        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
        put_cred(cred);
        return ret;
 }
-int security_real_capable_noaudit(struct task_struct *tsk, int cap)
+int security_real_capable_noaudit(struct task_struct *tsk,
+                                  struct user_namespace *ns, int cap)
 {
        const struct cred *cred;
        int ret;
        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
+        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
        put_cred(cred);
        return ret;
 }
@@ -514,16 +518,14 @@ int security_inode_permission(struct inode *inode, int mask)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
-        return security_ops->inode_permission(inode, mask);
+        return security_ops->inode_permission(inode, mask, 0);
 }
 int security_inode_exec_permission(struct inode *inode, unsigned int flags)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
-        if (flags)
+        return security_ops->inode_permission(inode, MAY_EXEC, flags);
-                return -ECHILD;
-        return security_ops->inode_permission(inode, MAY_EXEC);
 }
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9da6420e2056..1d027e29ce8d 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -471,6 +471,7 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 * @avd: access vector decisions
 * @result: result from avc_has_perm_noaudit
 * @a:  auxiliary audit data
+ * @flags: VFS walk flags
 *
 * Audit the granting or denial of permissions in accordance
 * with the policy.  This function is typically called by
@@ -481,9 +482,10 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 * be performed under a lock, to allow the lock to be released
 * before calling the auditing code.
 */
-void avc_audit(u32 ssid, u32 tsid,
+int avc_audit(u32 ssid, u32 tsid,
               u16 tclass, u32 requested,
-               struct av_decision *avd, int result, struct common_audit_data *a)
+               struct av_decision *avd, int result, struct common_audit_data *a,
+               unsigned flags)
 {
        struct common_audit_data stack_data;
        u32 denied, audited;
@@ -515,11 +517,24 @@ void avc_audit(u32 ssid, u32 tsid,
        else
                audited = requested & avd->auditallow;
        if (!audited)
-                return;
+                return 0;
        if (!a) {
                a = &stack_data;
                COMMON_AUDIT_DATA_INIT(a, NONE);
        }
+        /*
+         * When in a RCU walk do the audit on the RCU retry.  This is because
+         * the collection of the dname in an inode audit message is not RCU
+         * safe.  Note this may drop some audits when the situation changes
+         * during retry. However this is logically just as if the operation
+         * happened a little later.
+         */
+        if ((a->type == LSM_AUDIT_DATA_FS) &&
+            (flags & IPERM_FLAG_RCU))
+                return -ECHILD;
        a->selinux_audit_data.tclass = tclass;
        a->selinux_audit_data.requested = requested;
        a->selinux_audit_data.ssid = ssid;
@@ -529,6 +544,7 @@ void avc_audit(u32 ssid, u32 tsid,
        a->lsm_pre_audit = avc_audit_pre_callback;
        a->lsm_post_audit = avc_audit_post_callback;
        common_lsm_audit(a);
+        return 0;
 }
 /**
@@ -793,6 +809,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * @tclass: target security class
 * @requested: requested permissions, interpreted based on @tclass
 * @auditdata: auxiliary audit data
+ * @flags: VFS walk flags
 *
 * Check the AVC to determine whether the @requested permissions are granted
 * for the SID pair (@ssid, @tsid), interpreting the permissions
@@ -802,14 +819,19 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * permissions are granted, -%EACCES if any permissions are denied, or
 * another -errno upon other errors.
 */
-int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
+int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
-                 u32 requested, struct common_audit_data *auditdata)
+                       u32 requested, struct common_audit_data *auditdata,
+                       unsigned flags)
 {
        struct av_decision avd;
-        int rc;
+        int rc, rc2;
        rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
-        avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
+        rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
+                        flags);
+        if (rc2)
+                return rc2;
        return rc;
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6475e1f0223e..f7cf0ea6faea 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -79,6 +79,7 @@
 #include <linux/mutex.h>
 #include <linux/posix-timers.h>
 #include <linux/syslog.h>
+#include <linux/user_namespace.h>
 #include "avc.h"
 #include "objsec.h"
@@ -1445,8 +1446,11 @@ static int task_has_capability(struct task_struct *tsk,
        }
        rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
-        if (audit == SECURITY_CAP_AUDIT)
+        if (audit == SECURITY_CAP_AUDIT) {
-                avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
+                int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
+                if (rc2)
+                        return rc2;
+        }
        return rc;
 }
@@ -1466,7 +1470,8 @@ static int task_has_system(struct task_struct *tsk,
 static int inode_has_perm(const struct cred *cred,
                          struct inode *inode,
                          u32 perms,
-                          struct common_audit_data *adp)
+                          struct common_audit_data *adp,
+                          unsigned flags)
 {
        struct inode_security_struct *isec;
        struct common_audit_data ad;
@@ -1486,7 +1491,7 @@ static int inode_has_perm(const struct cred *cred,
                ad.u.fs.inode = inode;
        }
-        return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
+        return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
 }
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1503,7 +1508,7 @@ static inline int dentry_has_perm(const struct cred *cred,
        COMMON_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path.mnt = mnt;
        ad.u.fs.path.dentry = dentry;
-        return inode_has_perm(cred, inode, av, &ad);
+        return inode_has_perm(cred, inode, av, &ad, 0);
 }
 /* Check whether a task can use an open file descriptor to
@@ -1539,7 +1544,7 @@ static int file_has_perm(const struct cred *cred,
        /* av is zero if only checking access to the descriptor. */
        rc = 0;
        if (av)
-                rc = inode_has_perm(cred, inode, av, &ad);
+                rc = inode_has_perm(cred, inode, av, &ad, 0);
 out:
        return rc;
@@ -1846,11 +1851,11 @@ static int selinux_capset(struct cred *new, const struct cred *old,
 */
 static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
-                           int cap, int audit)
+                           struct user_namespace *ns, int cap, int audit)
 {
        int rc;
-        rc = cap_capable(tsk, cred, cap, audit);
+        rc = cap_capable(tsk, cred, ns, cap, audit);
        if (rc)
                return rc;
@@ -1931,7 +1936,8 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
 {
        int rc, cap_sys_admin = 0;
-        rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,
+        rc = selinux_capable(current, current_cred(),
+                             &init_user_ns, CAP_SYS_ADMIN,
                             SECURITY_CAP_NOAUDIT);
        if (rc == 0)
                cap_sys_admin = 1;
@@ -2101,7 +2107,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
                        file = file_priv->file;
                        inode = file->f_path.dentry->d_inode;
                        if (inode_has_perm(cred, inode,
-                                           FILE__READ | FILE__WRITE, NULL)) {
+                                           FILE__READ | FILE__WRITE, NULL, 0)) {
                                drop_tty = 1;
                        }
                }
@@ -2633,7 +2639,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
        return dentry_has_perm(cred, NULL, dentry, FILE__READ);
 }
-static int selinux_inode_permission(struct inode *inode, int mask)
+static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)
 {
        const struct cred *cred = current_cred();
        struct common_audit_data ad;
@@ -2655,7 +2661,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
        perms = file_mask_to_av(inode->i_mode, mask);
-        return inode_has_perm(cred, inode, perms, &ad);
+        return inode_has_perm(cred, inode, perms, &ad, flags);
 }
 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
@@ -2723,7 +2729,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
        if (!(sbsec->flags & SE_SBLABELSUPP))
                return -EOPNOTSUPP;
-        if (!is_owner_or_cap(inode))
+        if (!inode_owner_or_capable(inode))
                return -EPERM;
        COMMON_AUDIT_DATA_INIT(&ad, FS);
@@ -2834,7 +2840,8 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
         * and lack of permission just means that we fall back to the
         * in-core context value, not a denial.
         */
-        error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
+        error = selinux_capable(current, current_cred(),
+                                &init_user_ns, CAP_MAC_ADMIN,
                                SECURITY_CAP_NOAUDIT);
        if (!error)
                error = security_sid_to_context_force(isec->sid, &context,
@@ -2968,7 +2975,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
        case KDSKBENT:
        case KDSKBSENT:
                error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
-                                            SECURITY_CAP_AUDIT);
+                                        SECURITY_CAP_AUDIT);
                break;
        /* default case assumes that the command will go
@@ -3202,7 +3209,7 @@ static int selinux_dentry_open(struct file *file, const struct cred *cred)
         * new inode label or new policy.
         * This check is not redundant - do not remove.
         */
-        return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
+        return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0);
 }
 /* task security operations */
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 5615081b73ec..e77b2ac2908b 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -54,11 +54,11 @@ struct avc_cache_stats {
 void __init avc_init(void);
-void avc_audit(u32 ssid, u32 tsid,
+int avc_audit(u32 ssid, u32 tsid,
               u16 tclass, u32 requested,
               struct av_decision *avd,
               int result,
-               struct common_audit_data *a);
+              struct common_audit_data *a, unsigned flags);
 #define AVC_STRICT 1 /* Ignore permissive mode. */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -66,9 +66,17 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
                         unsigned flags,
                         struct av_decision *avd);
-int avc_has_perm(u32 ssid, u32 tsid,
+int avc_has_perm_flags(u32 ssid, u32 tsid,
-                 u16 tclass, u32 requested,
+                       u16 tclass, u32 requested,
-                 struct common_audit_data *auditdata);
+                       struct common_audit_data *auditdata,
+                       unsigned);
+static inline int avc_has_perm(u32 ssid, u32 tsid,
+                               u16 tclass, u32 requested,
+                               struct common_audit_data *auditdata)
+{
+        return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0);
+}
 u32 avc_policy_seqno(void);
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 1c2fc46544bf..c3bf3ed07b06 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -151,7 +151,7 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
 *
 * Description:
 * Called when the NetLabel state of a sk_security_struct needs to be reset.
- * The caller is responsibile for all the NetLabel sk_security_struct locking.
+ * The caller is responsible for all the NetLabel sk_security_struct locking.
 *
 */
 void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 3e7544d2a07b..6ef4af47dac4 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -213,7 +213,7 @@ static u16 map_class(u16 pol_value)
                        return i;
        }
-        return pol_value;
+        return SECCLASS_NULL;
 }
 static void map_decision(u16 tclass, struct av_decision *avd,
@@ -2806,7 +2806,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
        case AUDIT_SUBJ_CLR:
        case AUDIT_OBJ_LEV_LOW:
        case AUDIT_OBJ_LEV_HIGH:
-                /* we do not allow a range, indicated by the presense of '-' */
+                /* we do not allow a range, indicated by the presence of '-' */
                if (strchr(rulestr, '-'))
                        return -EINVAL;
                break;
@@ -3075,7 +3075,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
 * Description:
 * Convert the given NetLabel security attributes in @secattr into a
 * SELinux SID.  If the @secattr field does not contain a full SELinux
- * SID/context then use SECINITSID_NETMSG as the foundation.  If possibile the
+ * SID/context then use SECINITSID_NETMSG as the foundation.  If possible the
 * 'cache' field of @secattr is set and the CACHE flag is set; this is to
 * allow the @secattr to be used by NetLabel to cache the secattr to SID
 * conversion for future lookups.  Returns zero on success, negative values on
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 86453db4333d..9637e107f7ea 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -431,7 +431,7 @@ char *smk_import(const char *string, int len)
 * smack_from_secid - find the Smack label associated with a secid
 * @secid: an integer that might be associated with a Smack label
 *
- * Returns a pointer to the appropraite Smack label if there is one,
+ * Returns a pointer to the appropriate Smack label if there is one,
 * otherwise a pointer to the invalid Smack label.
 */
 char *smack_from_secid(const u32 secid)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 23c7a6d0c80c..400a5d5cde61 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -686,7 +686,7 @@ static int smack_inode_rename(struct inode *old_inode,
 *
 * Returns 0 if access is permitted, -EACCES otherwise
 */
-static int smack_inode_permission(struct inode *inode, int mask)
+static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
 {
        struct smk_audit_info ad;
@@ -696,6 +696,10 @@ static int smack_inode_permission(struct inode *inode, int mask)
         */
        if (mask == 0)
                return 0;
+        /* May be droppable after audit */
+        if (flags & IPERM_FLAG_RCU)
+                return -ECHILD;
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS);
        smk_ad_setfield_u_fs_inode(&ad, inode);
        return smk_curacc(smk_of_inode(inode), mask, &ad);
@@ -1794,7 +1798,7 @@ static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
 * Casey says that CIPSO is good enough for now.
 * It can be used to effect.
 * It can also be abused to effect when necessary.
- * Appologies to the TSIG group in general and GW in particular.
+ * Apologies to the TSIG group in general and GW in particular.
 */
 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
 {
@@ -2530,7 +2534,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
        switch (sbp->s_magic) {
        case SMACK_MAGIC:
                /*
-                 * Casey says that it's a little embarassing
+                 * Casey says that it's a little embarrassing
                 * that the smack file system doesn't do
                 * extended attributes.
                 */
@@ -3084,7 +3088,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
        /*
         * We need to decide if we want to label the incoming connection here
         * if we do we only need to label the request_sock and the stack will
-         * propogate the wire-label to the sock when it is created.
+         * propagate the wire-label to the sock when it is created.
         */
        hdr = ip_hdr(skb);
        addr.sin_addr.s_addr = hdr->saddr;
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 90d1bbaaa6f3..f93460156dce 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -208,7 +208,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
        if (*ppos != 0)
                return -EINVAL;
        /*
-         * Minor hack for backward compatability
+         * Minor hack for backward compatibility
         */
        if (count < (SMK_OLOADLEN) || count > SMK_LOADLEN)
                return -EINVAL;
@@ -223,7 +223,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
        }
        /*
-         * More on the minor hack for backward compatability
+         * More on the minor hack for backward compatibility
         */
        if (count == (SMK_OLOADLEN))
                data[SMK_OLOADLEN] = '-';
@@ -927,7 +927,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
                }
        } else {
                /* we delete the unlabeled entry, only if the previous label
-                 * wasnt the special CIPSO option */
+                 * wasn't the special CIPSO option */
                if (skp->smk_label != smack_cipso_option)
                        rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
                                        &skp->smk_host.sin_addr, &skp->smk_mask,
diff --git a/security/tomoyo/load_policy.c b/security/tomoyo/load_policy.c
index bbada7ca1b91..3312e5624f24 100644
--- a/security/tomoyo/load_policy.c
+++ b/security/tomoyo/load_policy.c
@@ -23,7 +23,7 @@ static bool tomoyo_policy_loader_exists(void)
         * If the initrd includes /sbin/init but real-root-dev has not
         * mounted on / yet, activating MAC will block the system since
         * policies are not loaded yet.
-         * Thus, let do_execve() call this function everytime.
+         * Thus, let do_execve() call this function every time.
         */
        struct path path;
author	Jiri Kosina <jkosina@suse.cz>	2011-04-26 04:22:15 -0400
committer	Jiri Kosina <jkosina@suse.cz>	2011-04-26 04:22:59 -0400
commit	07f9479a40cc778bc1462ada11f95b01360ae4ff (patch)
tree	0676cf38df3844004bb3ebfd99dfa67a4a8998f5 /security
parent	9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf (diff)
parent	cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff)