blob: 51c3b31ec4ee946c9471aadfeaeb3d774c886c64 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 5bcea0fc4e5360deca133e211fdc76717a1693a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
Date: Tue, 12 Jan 2016 21:23:40 +0100
Subject: [PATCH 2/4] smack: fix cache of access labels
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Before this commit, removing the access property of
a file, aka, the extended attribute security.SMACK64
was not effictive until the cache had been cleaned.
This patch fixes that problem.
Signed-off-by: José Bollo <jobol@nonadev.net>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/smack/smack_lsm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 487b2f3..b9393e3 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1256,9 +1256,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
* Don't do anything special for these.
* XATTR_NAME_SMACKIPIN
* XATTR_NAME_SMACKIPOUT
- * XATTR_NAME_SMACKEXEC
*/
- if (strcmp(name, XATTR_NAME_SMACK) == 0)
+ if (strcmp(name, XATTR_NAME_SMACK) == 0) {
+ struct super_block *sbp = d_backing_inode(dentry)->i_sb;
+ struct superblock_smack *sbsp = sbp->s_security;
+
+ isp->smk_inode = sbsp->smk_default;
+ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
isp->smk_task = NULL;
else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
isp->smk_mmap = NULL;
--
2.7.4
|