| commit | 9a87ea3ee51fb81e7a33b820a8bb59d23c7be9ef | |
| author | Stephen Smalley <sds@tycho.nsa.gov> | |
| Fri, 25 Jan 2008 18:03:42 +0000 (25 13:03 -0500) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Fri, 8 Feb 2008 19:46:28 +0000 (8 11:46 -0800) | ||
| tree | 463b3329ffb1ad9627e1d4cacd503e158fdef427 | treesnapshot (tar.gz zip) |
| parent | 3ecd7e88c999f6c73694c30359c4d084c5ab90be | commitdiff |
selinux: fix labeling of /proc/net inodes
patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline.
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials. Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline.
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials. Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| security/selinux/ss/services.c | diffblobblamehistory |