mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Smack: adds smackfs/ptrace interface

Browse Source 
This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
This commit is contained in:
Lukasz Pawelczyk
2014-03-11 17:07:06 +01:00
committed by Casey Schaufler
parent 5663884caa
commit 6686781852
5 changed files with 118 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
security/smack/smack_access.c
View File

@@ -304,7 +304,10 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
audit_log_untrustedstring(ab, sad->subject);
audit_log_format(ab, " object=");
audit_log_untrustedstring(ab, sad->object);
audit_log_format(ab, " requested=%s", sad->request);
if (sad->request[0] == '\0')
audit_log_format(ab, " labels_differ");
else
audit_log_format(ab, " requested=%s", sad->request);
}
/**