diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2013-12-23 20:07:10 +0100 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2013-12-24 00:50:55 +0100 |
commit | 00f84f3f2e9d088f06722f4351d67f5f577abe22 (patch) | |
tree | 06ac369a9dac582d9d9710aba38c684f048774ba /security/smack/smack_lsm.c | |
parent | Smack: Prevent the * and @ labels from being used in SMACK64EXEC (diff) | |
download | linux-00f84f3f2e9d088f06722f4351d67f5f577abe22.tar.xz linux-00f84f3f2e9d088f06722f4351d67f5f577abe22.zip |
Smack: Make the syslog control configurable
The syslog control requires that the calling proccess
have the floor ("_") Smack label. Tizen does not run any
processes except for kernel helpers with the floor label.
This changes allows the admin to configure a specific
label for syslog. The default value is the star ("*")
label, effectively removing the restriction. The value
can be set using smackfs/syslog for anyone who wants
a more restrictive behavior.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r-- | security/smack/smack_lsm.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 62ebf4f8a6c7..67b7381d0244 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -219,8 +219,6 @@ static int smack_ptrace_traceme(struct task_struct *ptp) * smack_syslog - Smack approval on syslog * @type: message type * - * Require that the task has the floor label - * * Returns 0 on success, error code otherwise. */ static int smack_syslog(int typefrom_file) @@ -231,7 +229,7 @@ static int smack_syslog(int typefrom_file) if (smack_privileged(CAP_MAC_OVERRIDE)) return 0; - if (skp != &smack_known_floor) + if (smack_syslog_label != NULL && smack_syslog_label != skp) rc = -EACCES; return rc; |