diff options
| author | James Morris <jmorris@namei.org> | 2010-03-30 17:39:27 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-03-30 17:39:27 -0400 |
| commit | d25d6fa1a95f465ff1ec4458ca15e30b2c8dffec (patch) | |
| tree | 7362b182dedd825fc762ef7706830837e42943af /security | |
| parent | 225a9be24d799aa16d543c31fb09f0c9ed1d9caa (diff) | |
| parent | 2eaa9cfdf33b8d7fb7aff27792192e0019ae8fc6 (diff) | |
Merge branch 'master' into next
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 6 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/common.c | 1 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 23 |
4 files changed, 9 insertions, 23 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index db0fd9f33499..989fef82563a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -337,7 +337,7 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) | |||
| 337 | * Look up an AVC entry that is valid for the | 337 | * Look up an AVC entry that is valid for the |
| 338 | * (@ssid, @tsid), interpreting the permissions | 338 | * (@ssid, @tsid), interpreting the permissions |
| 339 | * based on @tclass. If a valid AVC entry exists, | 339 | * based on @tclass. If a valid AVC entry exists, |
| 340 | * then this function return the avc_node. | 340 | * then this function returns the avc_node. |
| 341 | * Otherwise, this function returns NULL. | 341 | * Otherwise, this function returns NULL. |
| 342 | */ | 342 | */ |
| 343 | static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) | 343 | static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) |
| @@ -523,7 +523,7 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 523 | * @perms: permissions | 523 | * @perms: permissions |
| 524 | * | 524 | * |
| 525 | * Register a callback function for events in the set @events | 525 | * Register a callback function for events in the set @events |
| 526 | * related to the SID pair (@ssid, @tsid) and | 526 | * related to the SID pair (@ssid, @tsid) |
| 527 | * and the permissions @perms, interpreting | 527 | * and the permissions @perms, interpreting |
| 528 | * @perms based on @tclass. Returns %0 on success or | 528 | * @perms based on @tclass. Returns %0 on success or |
| 529 | * -%ENOMEM if insufficient memory exists to add the callback. | 529 | * -%ENOMEM if insufficient memory exists to add the callback. |
| @@ -568,7 +568,7 @@ static inline int avc_sidcmp(u32 x, u32 y) | |||
| 568 | * | 568 | * |
| 569 | * if a valid AVC entry doesn't exist,this function returns -ENOENT. | 569 | * if a valid AVC entry doesn't exist,this function returns -ENOENT. |
| 570 | * if kmalloc() called internal returns NULL, this function returns -ENOMEM. | 570 | * if kmalloc() called internal returns NULL, this function returns -ENOMEM. |
| 571 | * otherwise, this function update the AVC entry. The original AVC-entry object | 571 | * otherwise, this function updates the AVC entry. The original AVC-entry object |
| 572 | * will release later by RCU. | 572 | * will release later by RCU. |
| 573 | */ | 573 | */ |
| 574 | static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, | 574 | static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a5721b373f53..5225e668dbf0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -387,7 +387,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
| 387 | struct smk_audit_info ad; | 387 | struct smk_audit_info ad; |
| 388 | 388 | ||
| 389 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 389 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); |
| 390 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); | 390 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); |
| 391 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 391 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); |
| 392 | 392 | ||
| 393 | sbp = mnt->mnt_sb->s_security; | 393 | sbp = mnt->mnt_sb->s_security; |
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 8ccf12997378..588f36a9337e 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned | |||
| 886 | ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); | 886 | ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); |
| 887 | if (!tomoyo_memory_ok(ptr)) { | 887 | if (!tomoyo_memory_ok(ptr)) { |
| 888 | kfree(ptr); | 888 | kfree(ptr); |
| 889 | ptr = NULL; | ||
| 889 | goto ok; | 890 | goto ok; |
| 890 | } | 891 | } |
| 891 | for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) | 892 | for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) |
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index c00df45c7ede..cf7d61f781b9 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c | |||
| @@ -88,29 +88,14 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, | |||
| 88 | sp = dentry->d_op->d_dname(dentry, newname + offset, | 88 | sp = dentry->d_op->d_dname(dentry, newname + offset, |
| 89 | newname_len - offset); | 89 | newname_len - offset); |
| 90 | } else { | 90 | } else { |
| 91 | /* Taken from d_namespace_path(). */ | 91 | struct path ns_root = {.mnt = NULL, .dentry = NULL}; |
| 92 | struct path root; | ||
| 93 | struct path ns_root = { }; | ||
| 94 | struct path tmp; | ||
| 95 | 92 | ||
| 96 | read_lock(¤t->fs->lock); | ||
| 97 | root = current->fs->root; | ||
| 98 | path_get(&root); | ||
| 99 | read_unlock(¤t->fs->lock); | ||
| 100 | spin_lock(&vfsmount_lock); | ||
| 101 | if (root.mnt && root.mnt->mnt_ns) | ||
| 102 | ns_root.mnt = mntget(root.mnt->mnt_ns->root); | ||
| 103 | if (ns_root.mnt) | ||
| 104 | ns_root.dentry = dget(ns_root.mnt->mnt_root); | ||
| 105 | spin_unlock(&vfsmount_lock); | ||
| 106 | spin_lock(&dcache_lock); | 93 | spin_lock(&dcache_lock); |
| 107 | tmp = ns_root; | 94 | /* go to whatever namespace root we are under */ |
| 108 | sp = __d_path(path, &tmp, newname, newname_len); | 95 | sp = __d_path(path, &ns_root, newname, newname_len); |
| 109 | spin_unlock(&dcache_lock); | 96 | spin_unlock(&dcache_lock); |
| 110 | path_put(&root); | ||
| 111 | path_put(&ns_root); | ||
| 112 | /* Prepend "/proc" prefix if using internal proc vfs mount. */ | 97 | /* Prepend "/proc" prefix if using internal proc vfs mount. */ |
| 113 | if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && | 98 | if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) && |
| 114 | (path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) { | 99 | (path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) { |
| 115 | sp -= 5; | 100 | sp -= 5; |
| 116 | if (sp >= newname) | 101 | if (sp >= newname) |