aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2018-02-28 19:26:57 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2018-12-18 10:54:16 +0100
commit7b8b8fcb546b70e4869229112640b6c8dcc5053f (patch)
tree785611881732895c74f24979d8ebbfc1488780a0
parentd69f1afa649453c511ff4e5c554066722e63bd91 (diff)
linux-agl-4.14: Backport of Smack patch for cgroup2
This patch allows to correctly handle the cgroup filesystem based on CGROUP2. The patch is made available through the file linux-agl-4.14.inc Bug-AGL: SPEC-1016 Bug-AGL: SPEC-2006 Change-Id: I2dba8bf0341d699c66a098c18fcb22a65b930e58 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch40
-rw-r--r--meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc1
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch
new file mode 100644
index 000000000..c595dfdf5
--- /dev/null
+++ b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch
@@ -0,0 +1,40 @@
+From 63f5acdf097b7baca8d0f7056a037f8811b48aaa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Tue, 27 Feb 2018 17:06:21 +0100
+Subject: [PATCH] Smack: Handle CGROUP2 in the same way that CGROUP
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The new file system CGROUP2 isn't actually handled
+by smack. This changes makes Smack treat equally
+CGROUP and CGROUP2 items.
+
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ security/smack/smack_lsm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index 03fdecba93bb..5d77ed04422c 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -3431,6 +3431,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
+ if (opt_dentry->d_parent == opt_dentry) {
+ switch (sbp->s_magic) {
+ case CGROUP_SUPER_MAGIC:
++ case CGROUP2_SUPER_MAGIC:
+ /*
+ * The cgroup filesystem is never mounted,
+ * so there's no opportunity to set the mount
+@@ -3474,6 +3475,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
+ switch (sbp->s_magic) {
+ case SMACK_MAGIC:
+ case CGROUP_SUPER_MAGIC:
++ case CGROUP2_SUPER_MAGIC:
+ /*
+ * Casey says that it's a little embarrassing
+ * that the smack file system doesn't do
+--
+2.14.3
+
diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc
index 9c32f466c..87249bdcd 100644
--- a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc
+++ b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc
@@ -5,5 +5,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux-4.14:"
SRC_URI_append_with-lsm-smack = "\
file://Smack-Privilege-check-on-key-operations.patch \
+ file://Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch \
"