diff options
| author |   Yannick GICQUEL <yannick.gicquel@iot.bzh> | 2015-10-19 15:57:07 +0200 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@172.30.200.200> | 2015-11-06 15:23:36 +0000 |
| commit | ede19ea0c47fb23f3fc779833d1e57cf76f3371e (patch) | |
| tree | 47d6fae2283c54def1871aaf2a73828ac68b1b34 /meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch | |
| parent | 1cd8ab18abca96e4ee108f80225058d875b28347 (diff) | |
kernel: smack security backport from kernel 4
Here is the backport of all patches relating to smack support
on kernel side. For more details, see file:
meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README
Please note that patches are applied only if "smack" is in the
ditro features. Here are the 2 lines to add in the local.conf
OVERRIDES .= ":smack"
DISTRO_FEATURES_append = " smack"
Change-Id: I147a3532aec531f977d6ec34c576261835711f1e
Signed-off-by: Yannick GICQUEL <yannick.gicquel@iot.bzh>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch')
| -rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch new file mode 100644 index 0000000..2c72253 --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch @@ -0,0 +1,54 @@ +From a48c9922ebf7553ec8bcecb9a41e04e120c454ec Mon Sep 17 00:00:00 2001 +From: Konstantin Khlebnikov <k.khlebnikov@samsung.com> +Date: Thu, 7 Aug 2014 20:52:49 +0400 +Subject: [PATCH 36/54] Smack: remove unneeded NULL-termination from securtity + label + +Values of extended attributes are stored as binary blobs. NULL-termination +of them isn't required. It just wastes disk space and confuses command-line +tools like getfattr because they have to print that zero byte at the end. + +This patch removes terminating zero byte from initial security label in +smack_inode_init_security and cuts it out in function smack_inode_getsecurity +which is used by syscall getxattr. This change seems completely safe, because +function smk_parse_smack ignores everything after first zero byte. + +Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com> +--- + security/smack/smack_lsm.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 8d23c23..1befb0a 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -672,7 +672,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, + } + + if (len) +- *len = strlen(isp) + 1; ++ *len = strlen(isp); + + return 0; + } +@@ -1076,7 +1076,7 @@ static int smack_inode_getsecurity(const struct inode *inode, + + if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { + isp = smk_of_inode(inode); +- ilen = strlen(isp) + 1; ++ ilen = strlen(isp); + *buffer = isp; + return ilen; + } +@@ -1101,7 +1101,7 @@ static int smack_inode_getsecurity(const struct inode *inode, + else + return -EOPNOTSUPP; + +- ilen = strlen(isp) + 1; ++ ilen = strlen(isp); + if (rc == 0) { + *buffer = isp; + rc = ilen; +-- +2.1.4 + |