diff options
author | Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> | 2014-03-11 17:07:06 +0100 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2014-04-11 23:34:35 +0200 |
commit | 668678185247303450e60df14569f94cf5775fea (patch) | |
tree | 2f2b77d7a2769745699e48685c9dbf26d8dd0c98 /security/smack/smack_access.c | |
parent | Smack: unify all ptrace accesses in the smack (diff) | |
download | linux-668678185247303450e60df14569f94cf5775fea.tar.xz linux-668678185247303450e60df14569f94cf5775fea.zip |
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'security/smack/smack_access.c')
-rw-r--r-- | security/smack/smack_access.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f161debed02b..c062e9467b62 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -304,7 +304,10 @@ static void smack_log_callback(struct audit_buffer *ab, void *a) audit_log_untrustedstring(ab, sad->subject); audit_log_format(ab, " object="); audit_log_untrustedstring(ab, sad->object); - audit_log_format(ab, " requested=%s", sad->request); + if (sad->request[0] == '\0') + audit_log_format(ab, " labels_differ"); + else + audit_log_format(ab, " requested=%s", sad->request); } /** |