diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-01-25 13:03:42 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-26 12:16:16 +1100 |
commit | b1aa5301b9f88a4891061650c591fb8fe1c1d1da (patch) | |
tree | 701ee5bf6cefbf7545c91ebab614fda7d6fd6a27 | |
parent | 99f1c97dbdb30e958edfd1ced0ae43df62504e07 (diff) | |
download | linux-b1aa5301b9f88a4891061650c591fb8fe1c1d1da.tar.bz2 |
selinux: fix labeling of /proc/net inodes
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials. Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/ss/services.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f83b19daed16..4bf715d4cf29 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstype, struct ocontext *c; int rc = 0, cmp = 0; + while (path[0] == '/' && path[1] == '/') + path++; + POLICY_RDLOCK; for (genfs = policydb.genfs; genfs; genfs = genfs->next) { |