Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

netlabel: Changes to the NetLabel security attributes to allow LSMs to pass full contexts

This patch provides support for including the LSM's secid in addition to
the LSM's MLS information in the NetLabel security attributes structure.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Paul Moore 17 years ago
parent
6c5b3fc014
commit
8d75899d03
2 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      include/net/netlabel.h
  2. 2 1
      security/selinux/ss/services.c

+ 1 - 1
include/net/netlabel.h
View File 

@@ -203,7 +203,7 @@ struct netlbl_lsm_secattr {
 
 	u32 type;
 
 	char *domain;
 
 	struct netlbl_lsm_cache *cache;
 
-	union {
 
+	struct {
 
 		struct {
 
 			struct netlbl_lsm_secattr_catmap *cat;
 
 			u32 lvl;

+ 2 - 1
security/selinux/ss/services.c
View File 

@@ -2803,7 +2803,8 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 
 		rc = -ENOMEM;
 
 		goto netlbl_sid_to_secattr_failure;
 
 	}
 
-	secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
 
+	secattr->attr.secid = sid;
 
+	secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
 
 	mls_export_netlbl_lvl(ctx, secattr);
 
 	rc = mls_export_netlbl_cat(ctx, secattr);
 
 	if (rc != 0)