[PATCH][SELINUX] Defer inode security initialization

From: Stephen Smalley
Date: Mon Aug 16 2004 - 11:32:48 EST

Next message: Stephen Smalley: "[PATCH][SELINUX] Fix name_bind audit"
Previous message: Stephen Smalley: "[PATCH][SELINUX] Revalidate access to controlling tty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch defers setting the inode security state for newly created inodes
until after policy has been loaded. Please apply.

Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxxx>

security/selinux/hooks.c | 6 ++++++
1 files changed, 6 insertions(+)

diff -X /home/sds/dontdiff -ru linux-2.6.8.old/security/selinux/hooks.c linux-2.6.8/security/selinux/hooks.c
--- linux-2.6.8.old/security/selinux/hooks.c 2004-08-06 12:52:26.000000000 -0400
+++ linux-2.6.8/security/selinux/hooks.c 2004-08-06 12:54:11.356171296 -0400
@@ -1266,6 +1266,12 @@
int inode_security_set_sid(struct inode *inode, u32 sid)
{
struct inode_security_struct *isec = inode->i_security;
+ struct superblock_security_struct *sbsec = inode->i_sb->s_security;
+
+ if (!sbsec->initialized) {
+ /* Defer initialization to selinux_complete_init. */
+ return 0;
+ }

down(&isec->sem);
isec->sclass = inode_mode_to_security_class(inode->i_mode);

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Smalley: "[PATCH][SELINUX] Fix name_bind audit"
Previous message: Stephen Smalley: "[PATCH][SELINUX] Revalidate access to controlling tty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]