summaryrefslogtreecommitdiffstats
path: root/security/smack/smack_access.c
diff options
context:
space:
mode:
authorLukasz Pawelczyk <l.pawelczyk@partner.samsung.com>2014-03-11 17:07:06 +0100
committerCasey Schaufler <casey@schaufler-ca.com>2014-04-11 23:34:35 +0200
commit668678185247303450e60df14569f94cf5775fea (patch)
tree2f2b77d7a2769745699e48685c9dbf26d8dd0c98 /security/smack/smack_access.c
parentSmack: unify all ptrace accesses in the smack (diff)
downloadlinux-668678185247303450e60df14569f94cf5775fea.tar.xz
linux-668678185247303450e60df14569f94cf5775fea.zip
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules. It adds a smackfs/ptrace interface that allows smack to be configured to require equal smack labels for PTRACE_MODE_ATTACH access. See the changes in Documentation/security/Smack.txt below for details. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r--security/smack/smack_access.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f161debed02b..c062e9467b62 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -304,7 +304,10 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
audit_log_untrustedstring(ab, sad->subject);
audit_log_format(ab, " object=");
audit_log_untrustedstring(ab, sad->object);
- audit_log_format(ab, " requested=%s", sad->request);
+ if (sad->request[0] == '\0')
+ audit_log_format(ab, " labels_differ");
+ else
+ audit_log_format(ab, " requested=%s", sad->request);
}
/**