mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Smack: Make the syslog control configurable

Browse Source 
The syslog control requires that the calling proccess
have the floor ("_") Smack label. Tizen does not run any
processes except for kernel helpers with the floor label.
This changes allows the admin to configure a specific
label for syslog. The default value is the star ("*")
label, effectively removing the restriction. The value
can be set using smackfs/syslog for anyone who wants
a more restrictive behavior.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Casey Schaufler
2013-12-23 11:07:10 -08:00
parent 19760ad03c
commit 00f84f3f2e
3 changed files with 99 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
security/smack/smack.h
View File

@@ -241,7 +241,8 @@ u32 smack_to_secid(const char *);
extern int smack_cipso_direct;
extern int smack_cipso_mapped;
extern struct smack_known *smack_net_ambient;
extern char *smack_onlycap;
extern struct smack_known *smack_onlycap;
extern struct smack_known *smack_syslog_label;
extern const char *smack_cipso_option;
extern struct smack_known smack_known_floor;
@@ -312,7 +313,7 @@ static inline int smack_privileged(int cap)
if (!capable(cap))
return 0;
if (smack_onlycap == NULL || smack_onlycap == skp->smk_known)
if (smack_onlycap == NULL || smack_onlycap == skp)
return 1;
return 0;
}