author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-01-25 13:03:42 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-25 20:16:16 -0500 |
commit | b1aa5301b9f88a4891061650c591fb8fe1c1d1da (patch) | |
tree | 701ee5bf6cefbf7545c91ebab614fda7d6fd6a27 /security | |
parent | 99f1c97dbdb30e958edfd1ced0ae43df62504e07 (diff) |
selinux: fix labeling of /proc/net inodes
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials. Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 3 |
1 files changed, 3 insertions, 0 deletions
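--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstype,
 struct ocontext *c;
 int rc = 0, cmp = 0;
 
+while (path[0] == '/' && path[1] == '/')
+path++;
+
 POLICY_RDLOCK;
 
 for (genfs = policydb.genfs; genfs; genfs = genfs->next) {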
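Review bot: The new loop at the top of security_genfs_sid carries no comment, and it collapses only leading slashes, so a doubled slash further into the path would still fail to match its genfs entry and presumably receive a less specific label. Because the resulting SID feeds access decisions, I would record the reason and the limit next to the loop, for example `/* proc may pass "//net/..."; strip extra leading '/' so genfs prefix matching sees "/net/..." (interior "//" is not normalised) */`. The loop is safe on a NUL-terminated string, since path[1] is read only when path[0] is '/'. The matching code lies outside this hunk, so the fallback behaviour is inferred rather than visible here. Longer term it may be cleaner to have selinux_proc_get_sid build a canonical path, so that other callers of this function do not rely on the workaround.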