[PATCH] slim: secfs inode->i_private build fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Due to the change from inode->u.generic_ip to inode->i_private in the mm
tree.  The slim securityfs file had a compilation error.  This minor
patch fixes this issue.

Signed-off-by: Mimi Zohar<[email protected]>
Signed-off-by: Kylene Hall<[email protected]>
---
 security/slim/slm_secfs.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

Index: linux-2.6.18-rc6-mm2/security/slim/slm_main.c
===================================================================
--- linux-2.6.18-rc6-mm2.orig/security/slim/slm_main.c
+++ linux-2.6.18-rc6-mm2/security/slim/slm_main.c
@@ -29,6 +29,8 @@
 
 #include "slim.h"
 
+extern struct security_operations dummy_security_ops;
+
 unsigned int slm_debug = SLM_BASE;
 #define XATTR_NAME "security.slim.level"
 
@@ -1196,43 +1199,48 @@ static int slm_task_post_setuid(uid_t ol
 				uid_t old_suid, int flags)
 {
 	struct slm_tsec_data *cur_tsec = current->security;
+	int rc;
 
-	if (cur_tsec && flags == LSM_SETID_ID) {
-		/*set process to USER level integrity for everything but root */
-		dprintk(SLM_VERBOSE, "ruid %d euid %d suid %d "
-			"cur: uid %d euid %d suid %d\n",
+	/*set process to USER level integrity for everything but root */
+	dprintk(SLM_VERBOSE, "ruid %d euid %d suid %d "
+			"cur: uid %d euid %d suid %d "
+			"permitted %x effective %x\n",
 			old_ruid, old_euid, old_suid,
-			current->uid, current->euid, current->suid);
-		spin_lock(&cur_tsec->lock);
-		if ((cur_tsec->iac_r == cur_tsec->iac_wx)
-		    && (cur_tsec->iac_r == SLM_IAC_UNTRUSTED)) {
-			dprintk(SLM_INTEGRITY,
-				"Integrity: pid %d iac_r %d "
-				" iac_wx %d remains UNTRUSTED\n",
-				current->pid, cur_tsec->iac_r,
-				cur_tsec->iac_wx);
-		} else if (current->suid != 0) {
-			dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
-				" iac_wx %d to USER\n",
-				current->pid, cur_tsec->iac_r,
-				cur_tsec->iac_wx);
-			cur_tsec->iac_r = SLM_IAC_USER;
-			cur_tsec->iac_wx = SLM_IAC_USER;
-		} else if ((current->uid == 0) && (old_ruid != 0)) {
-			dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
-				" iac_wx %d to SYSTEM\n",
-				current->pid, cur_tsec->iac_r,
-				cur_tsec->iac_wx);
-			cur_tsec->iac_r = SLM_IAC_SYSTEM;
-			cur_tsec->iac_wx = SLM_IAC_SYSTEM;
-		} else
-			dprintk(SLM_INTEGRITY, "%s: pid %d iac_r %d "
-				" iac_wx %d \n", __FUNCTION__,
-				current->pid, cur_tsec->iac_r,
-				cur_tsec->iac_wx);
-		spin_unlock(&cur_tsec->lock);
-	}
-	return 0;
+			current->uid, current->euid, current->suid,
+			current->cap_permitted, current->cap_effective);
+	rc = dummy_security_ops.task_post_setuid(old_ruid, old_euid,
+						 old_suid, flags);
+	spin_lock(&cur_tsec->lock);
+	if ((cur_tsec->iac_r == cur_tsec->iac_wx)
+	    && (cur_tsec->iac_r == SLM_IAC_UNTRUSTED)) {
+		dprintk(SLM_INTEGRITY,
+			"Integrity: pid %d iac_r %d "
+			" iac_wx %d remains UNTRUSTED\n",
+			current->pid, cur_tsec->iac_r,
+			cur_tsec->iac_wx);
+		current->cap_permitted = 0;
+		current->cap_effective = 0;
+	} else if (current->suid != 0) {
+		dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
+			" iac_wx %d to USER\n",
+			current->pid, cur_tsec->iac_r,
+			cur_tsec->iac_wx);
+		cur_tsec->iac_r = SLM_IAC_USER;
+		cur_tsec->iac_wx = SLM_IAC_USER;
+	} else if ((current->uid == 0) && (old_ruid != 0)) {
+		dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
+			" iac_wx %d to SYSTEM\n",
+			current->pid, cur_tsec->iac_r,
+			cur_tsec->iac_wx);
+		cur_tsec->iac_r = SLM_IAC_SYSTEM;
+		cur_tsec->iac_wx = SLM_IAC_SYSTEM;
+	} else
+		dprintk(SLM_INTEGRITY, "%s: pid %d iac_r %d "
+			" iac_wx %d \n", __FUNCTION__,
+			current->pid, cur_tsec->iac_r,
+			cur_tsec->iac_wx);
+	spin_unlock(&cur_tsec->lock);
+	return rc;
 }
 
 static inline int slm_setprocattr(struct task_struct *tsk,




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux