diff options
author | James Morris <jmorris@namei.org> | 2008-10-13 21:51:44 +1100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-10-13 21:51:44 +1100 |
commit | cf7208a918ee58d5a5d739066e164dd292b88663 (patch) | |
tree | b0e2a86387cf904cd1d4b8b943d526ad1f3bb2d6 /security | |
parent | 117bf7d55de50f77823bb0389246b242001826b5 (diff) | |
parent | 4480f15b3306f43bbb0310d461142b4e897ca45b (diff) |
Merge branch 'master' into next-creds-subsys
Conflicts:
fs/ext4/ialloc.c
Manually resolved conflict w/ new creds API, also fixed up
fs/ext4/balloc.c.
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 2 | ||||
-rw-r--r-- | security/selinux/Kconfig | 3 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 11 |
4 files changed, 6 insertions, 12 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index c91b1afc3bc0..875eea05769a 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -672,7 +672,7 @@ int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) * yet with increased caps. * So we check for increased caps on the target process. */ -static inline int cap_safe_nice(struct task_struct *p) +static int cap_safe_nice(struct task_struct *p) { int is_subset; diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index a436d1cfa88b..26301dd651d3 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -6,9 +6,6 @@ config SECURITY_SELINUX help This selects NSA Security-Enhanced Linux (SELinux). You will also need a policy configuration and a labeled filesystem. - You can obtain the policy compiler (checkpolicy), the utility for - labeling filesystems (setfiles), and an example policy configuration - from <http://www.nsa.gov/selinux/>. If you are unsure how to answer this question, answer N. config SECURITY_SELINUX_BOOTPARAM diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fe1d8f4ab56f..201a14eb4dff 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1324,7 +1324,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent /* Default to the fs superblock SID. */ isec->sid = sbsec->sid; - if (sbsec->proc) { + if (sbsec->proc && !S_ISLNK(inode->i_mode)) { struct proc_inode *proci = PROC_I(inode); if (proci->pde) { isec->sclass = inode_mode_to_security_class(inode->i_mode); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 876b815c1ba4..ab0cc0c7b944 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2907,6 +2907,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, if (ctx == NULL) goto netlbl_secattr_to_sid_return; + context_init(&ctx_new); ctx_new.user = ctx->user; ctx_new.role = ctx->role; ctx_new.type = ctx->type; @@ -2915,13 +2916,9 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat, secattr->attr.mls.cat) != 0) goto netlbl_secattr_to_sid_return; - ctx_new.range.level[1].cat.highbit = - ctx_new.range.level[0].cat.highbit; - ctx_new.range.level[1].cat.node = - ctx_new.range.level[0].cat.node; - } else { - ebitmap_init(&ctx_new.range.level[0].cat); - ebitmap_init(&ctx_new.range.level[1].cat); + memcpy(&ctx_new.range.level[1].cat, + &ctx_new.range.level[0].cat, + sizeof(ctx_new.range.level[0].cat)); } if (mls_context_isvalid(&policydb, &ctx_new) != 1) goto netlbl_secattr_to_sid_return_cleanup; |