This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running. Exception: in smack_task_wait() child task is checked for write access to parent task using label inherited from the task that forked it. Fixed issues from previous submit: - SMACK64EXEC was not read when SMACK64 was not set. - inode security blob was not updated after setting SMACK64EXEC - inode security blob was not updated when removing SMACK64EXEC

commit: 676dac4b1bee0469d6932f698aeb77e8489f5861 [log] [tgz]
author: Casey Schaufler <casey@schaufler-ca.com> Thu Dec 02 06:43:39 2010 -0800
committer: Casey Schaufler <casey@schaufler-ca.com> Thu Dec 02 06:43:39 2010 -0800
tree: 196b4cb35cf8dfdff0698dc4368cfd00acc7391a
parent: 93ae86e759299718c611bc543b9b1633bf32905a [diff] [blame]
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index dc1fd62..01a0be9 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c

@@ -121,7 +121,7 @@
 {
 	nap->loginuid = audit_get_loginuid(current);
 	nap->sessionid = audit_get_sessionid(current);
-	nap->secid = smack_to_secid(current_security());
+	nap->secid = smack_to_secid(smk_of_current());
 }
 
 /*
@@ -1160,7 +1160,7 @@
 				 size_t count, loff_t *ppos)
 {
 	char in[SMK_LABELLEN];
-	char *sp = current->cred->security;
+	char *sp = smk_of_task(current->cred->security);
 
 	if (!capable(CAP_MAC_ADMIN))
 		return -EPERM;
commit	676dac4b1bee0469d6932f698aeb77e8489f5861	[log] [tgz]
author	Casey Schaufler <casey@schaufler-ca.com>	Thu Dec 02 06:43:39 2010 -0800
committer	Casey Schaufler <casey@schaufler-ca.com>	Thu Dec 02 06:43:39 2010 -0800
tree	196b4cb35cf8dfdff0698dc4368cfd00acc7391a
parent	93ae86e759299718c611bc543b9b1633bf32905a [diff] [blame]