From 7b8b8fcb546b70e4869229112640b6c8dcc5053f Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 28 Feb 2018 19:26:57 +0100 Subject: linux-agl-4.14: Backport of Smack patch for cgroup2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch allows to correctly handle the cgroup filesystem based on CGROUP2. The patch is made available through the file linux-agl-4.14.inc Bug-AGL: SPEC-1016 Bug-AGL: SPEC-2006 Change-Id: I2dba8bf0341d699c66a098c18fcb22a65b930e58 Signed-off-by: José Bollo --- ...andle-CGROUP2-in-the-same-way-that-CGROUP.patch | 40 ++++++++++++++++++++++ .../recipes-kernel/linux/linux-agl-4.14.inc | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch new file mode 100644 index 000000000..c595dfdf5 --- /dev/null +++ b/meta-agl-bsp/recipes-kernel/linux/linux-4.14/Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch @@ -0,0 +1,40 @@ +From 63f5acdf097b7baca8d0f7056a037f8811b48aaa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Tue, 27 Feb 2018 17:06:21 +0100 +Subject: [PATCH] Smack: Handle CGROUP2 in the same way that CGROUP +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The new file system CGROUP2 isn't actually handled +by smack. This changes makes Smack treat equally +CGROUP and CGROUP2 items. + +Signed-off-by: José Bollo +--- + security/smack/smack_lsm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 03fdecba93bb..5d77ed04422c 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -3431,6 +3431,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) + if (opt_dentry->d_parent == opt_dentry) { + switch (sbp->s_magic) { + case CGROUP_SUPER_MAGIC: ++ case CGROUP2_SUPER_MAGIC: + /* + * The cgroup filesystem is never mounted, + * so there's no opportunity to set the mount +@@ -3474,6 +3475,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) + switch (sbp->s_magic) { + case SMACK_MAGIC: + case CGROUP_SUPER_MAGIC: ++ case CGROUP2_SUPER_MAGIC: + /* + * Casey says that it's a little embarrassing + * that the smack file system doesn't do +-- +2.14.3 + diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc index 9c32f466c..87249bdcd 100644 --- a/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc +++ b/meta-agl-bsp/recipes-kernel/linux/linux-agl-4.14.inc @@ -5,5 +5,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux-4.14:" SRC_URI_append_with-lsm-smack = "\ file://Smack-Privilege-check-on-key-operations.patch \ + file://Smack-Handle-CGROUP2-in-the-same-way-that-CGROUP.patch \ " -- cgit 1.2.3-korg