diff options
author | José Bollo <jose.bollo@iot.bzh> | 2018-02-28 19:26:57 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2018-12-18 10:54:16 +0100 |
commit | 7b8b8fcb546b70e4869229112640b6c8dcc5053f (patch) | |
tree | 785611881732895c74f24979d8ebbfc1488780a0 | |
parent | d69f1afa649453c511ff4e5c554066722e63bd91 (diff) |
linux-agl-4.14: Backport of Smack patch for cgroup2
This patch allows to correctly handle the cgroup
filesystem based on CGROUP2.
The patch is made available through the file
linux-agl-4.14.inc
Bug-AGL: SPEC-1016
Bug-AGL: SPEC-2006
Change-Id: I2dba8bf0341d699c66a098c18fcb22a65b930e58
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch | 40 | ||||
-rw-r--r-- | meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch new file mode 100644 index 000000000..c595dfdf5 --- /dev/null +++ b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch @@ -0,0 +1,40 @@ +From 63f5acdf097b7baca8d0f7056a037f8811b48aaa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Tue, 27 Feb 2018 17:06:21 +0100 +Subject: [PATCH] Smack: Handle CGROUP2 in the same way that CGROUP +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The new file system CGROUP2 isn't actually handled +by smack. This changes makes Smack treat equally +CGROUP and CGROUP2 items. + +Signed-off-by: José Bollo <jose.bollo@iot.bzh> +--- + security/smack/smack_lsm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 03fdecba93bb..5d77ed04422c 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -3431,6 +3431,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) + if (opt_dentry->d_parent == opt_dentry) { + switch (sbp->s_magic) { + case CGROUP_SUPER_MAGIC: ++ case CGROUP2_SUPER_MAGIC: + /* + * The cgroup filesystem is never mounted, + * so there's no opportunity to set the mount +@@ -3474,6 +3475,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) + switch (sbp->s_magic) { + case SMACK_MAGIC: + case CGROUP_SUPER_MAGIC: ++ case CGROUP2_SUPER_MAGIC: + /* + * Casey says that it's a little embarrassing + * that the smack file system doesn't do +-- +2.14.3 + diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc index 9c32f466c..87249bdcd 100644 --- a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc +++ b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc @@ -5,5 +5,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux-4.14:" SRC_URI_append_with-lsm-smack = "\ file://Smack-Privilege-check-on-key-operations.patch \ + file://Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch \ " |