lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[PATCH] sysctl: fix the selinux_sysctl_get_sid

Browse Source 
I goofed and when reenabling the fine grained selinux labels for
sysctls and forgot to add the "/sys" prefix before consulting
the policy database.  When computing the same path using
proc_dir_entries we got the "/sys" for free as it was part
of the tree, but it isn't true for clt_table trees.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Eric W. Biederman
2007-02-14 00:34:15 -08:00
committed by Linus Torvalds
parent 3fbfa98112
commit b599fdfdb4
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security/selinux/hooks.c
View File

@@ -1451,6 +1451,12 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
path = end; path = end;
table = table->parent; table = table->parent;
} }
buflen -= 4;
if (buflen < 0)
goto out_free;
end -= 4;
memcpy(end, "/sys", 4);
path = end;
rc = security_genfs_sid("proc", path, tclass, sid); rc = security_genfs_sid("proc", path, tclass, sid);
out_free: out_free:
free_page((unsigned long)buffer); free_page((unsigned long)buffer);