summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2008-01-25 13:03:42 -0500
committerJames Morris <jmorris@namei.org>2008-01-26 12:16:16 +1100
commitb1aa5301b9f88a4891061650c591fb8fe1c1d1da (patch)
tree701ee5bf6cefbf7545c91ebab614fda7d6fd6a27
parent99f1c97dbdb30e958edfd1ced0ae43df62504e07 (diff)
downloadlinux-b1aa5301b9f88a4891061650c591fb8fe1c1d1da.tar.bz2
selinux: fix labeling of /proc/net inodes
The proc net rewrite had a side effect on selinux, leading it to mislabel the /proc/net inodes, thereby leading to incorrect denials. Fix security_genfs_sid to ignore extra leading / characters in the path supplied by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...". Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/ss/services.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f83b19daed16..4bf715d4cf29 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstype,
struct ocontext *c;
int rc = 0, cmp = 0;
+ while (path[0] == '/' && path[1] == '/')
+ path++;
+
POLICY_RDLOCK;
for (genfs = policydb.genfs; genfs; genfs = genfs->next) {