Commit | Line | Data |
---|---|---|
becca5a3 GKH |
1 | From b1aa5301b9f88a4891061650c591fb8fe1c1d1da Mon Sep 17 00:00:00 2001 |
2 | From: Stephen Smalley <sds@tycho.nsa.gov> | |
3 | Date: Fri, 25 Jan 2008 13:03:42 -0500 | |
4 | Subject: selinux: fix labeling of /proc/net inodes | |
5 | Message-ID: <Xine.LNX.4.64.0801261602360.32278@us.intercode.com.au> | |
6 | ||
7ab8ec81 GKH |
7 | From: Stephen Smalley <sds@tycho.nsa.gov> |
8 | ||
becca5a3 GKH |
9 | patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline. |
10 | ||
11 | The proc net rewrite had a side effect on selinux, leading it to mislabel | |
12 | the /proc/net inodes, thereby leading to incorrect denials. Fix | |
13 | security_genfs_sid to ignore extra leading / characters in the path supplied | |
14 | by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...". | |
15 | ||
16 | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> | |
17 | Signed-off-by: James Morris <jmorris@namei.org> | |
18 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
19 | ||
20 | --- | |
21 | security/selinux/ss/services.c | 3 +++ | |
22 | 1 file changed, 3 insertions(+) | |
23 | ||
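--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstyp
 struct ocontext *c;
 int rc = 0, cmp = 0;
 
+ while (path[0] == '/' && path[1] == '/')
+ path++;
+
 POLICY_RDLOCK;
 
 for (genfs = policydb.genfs; genfs; genfs = genfs->next) {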
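Review bot: The new loop at the top of security_genfs_sid has no comment explaining why the path is normalised here, and it collapses only leading slashes, so a doubled slash later in the path would presumably still miss its genfs prefix and be mislabeled. A short comment above the loop would record the contract, for example `/* selinux_proc_get_sid may hand us "//net/..."; collapse leading '/' so genfs prefixes match */`. The read of `path[1]` is safe because it happens only after `path[0] == '/'`, but the loop does assume `path` is non-NULL and NUL-terminated, which is worth stating in the same comment. Since a label mismatch here surfaces as incorrect denials (per the commit description), it may be worth checking whether the caller should build the path without the extra slash as well. The function body starts before and continues past this hunk.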