From ede19ea0c47fb23f3fc779833d1e57cf76f3371e Mon Sep 17 00:00:00 2001 From: Yannick GICQUEL Date: Mon, 19 Oct 2015 15:57:07 +0200 Subject: kernel: smack security backport from kernel 4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Here is the backport of all patches relating to smack support on kernel side. For more details, see file: meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README Please note that patches are applied only if "smack" is in the ditro features. Here are the 2 lines to add in the local.conf OVERRIDES .= ":smack" DISTRO_FEATURES_append = " smack" Change-Id: I147a3532aec531f977d6ec34c576261835711f1e Signed-off-by: Yannick GICQUEL Signed-off-by: José Bollo --- ...e-unneeded-NULL-termination-from-securtit.patch | 54 ++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch') diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch new file mode 100644 index 0000000..2c72253 --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0036-Smack-remove-unneeded-NULL-termination-from-securtit.patch @@ -0,0 +1,54 @@ +From a48c9922ebf7553ec8bcecb9a41e04e120c454ec Mon Sep 17 00:00:00 2001 +From: Konstantin Khlebnikov +Date: Thu, 7 Aug 2014 20:52:49 +0400 +Subject: [PATCH 36/54] Smack: remove unneeded NULL-termination from securtity + label + +Values of extended attributes are stored as binary blobs. NULL-termination +of them isn't required. It just wastes disk space and confuses command-line +tools like getfattr because they have to print that zero byte at the end. + +This patch removes terminating zero byte from initial security label in +smack_inode_init_security and cuts it out in function smack_inode_getsecurity +which is used by syscall getxattr. This change seems completely safe, because +function smk_parse_smack ignores everything after first zero byte. + +Signed-off-by: Konstantin Khlebnikov +--- + security/smack/smack_lsm.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 8d23c23..1befb0a 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -672,7 +672,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, + } + + if (len) +- *len = strlen(isp) + 1; ++ *len = strlen(isp); + + return 0; + } +@@ -1076,7 +1076,7 @@ static int smack_inode_getsecurity(const struct inode *inode, + + if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { + isp = smk_of_inode(inode); +- ilen = strlen(isp) + 1; ++ ilen = strlen(isp); + *buffer = isp; + return ilen; + } +@@ -1101,7 +1101,7 @@ static int smack_inode_getsecurity(const struct inode *inode, + else + return -EOPNOTSUPP; + +- ilen = strlen(isp) + 1; ++ ilen = strlen(isp); + if (rc == 0) { + *buffer = isp; + rc = ilen; +-- +2.1.4 + -- cgit 1.2.3-korg