提交 36ea735b 编写于 作者: C Casey Schaufler

Smack: Label cgroup files for systemd

The cgroup filesystem isn't ready for an LSM to
properly use extented attributes. This patch makes
files created in the cgroup filesystem usable by
a system running Smack and systemd.

Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: NCasey Schaufler <casey@schaufler-ca.com>
上级 a6834c0b
...@@ -2821,6 +2821,15 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) ...@@ -2821,6 +2821,15 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
* of the superblock. * of the superblock.
*/ */
if (opt_dentry->d_parent == opt_dentry) { if (opt_dentry->d_parent == opt_dentry) {
if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
/*
* The cgroup filesystem is never mounted,
* so there's no opportunity to set the mount
* options.
*/
sbsp->smk_root = smack_known_star.smk_known;
sbsp->smk_default = smack_known_star.smk_known;
}
isp->smk_inode = sbsp->smk_root; isp->smk_inode = sbsp->smk_root;
isp->smk_flags |= SMK_INODE_INSTANT; isp->smk_flags |= SMK_INODE_INSTANT;
goto unlockandout; goto unlockandout;
...@@ -2834,16 +2843,20 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) ...@@ -2834,16 +2843,20 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
*/ */
switch (sbp->s_magic) { switch (sbp->s_magic) {
case SMACK_MAGIC: case SMACK_MAGIC:
case PIPEFS_MAGIC:
case SOCKFS_MAGIC:
case CGROUP_SUPER_MAGIC:
/* /*
* Casey says that it's a little embarrassing * Casey says that it's a little embarrassing
* that the smack file system doesn't do * that the smack file system doesn't do
* extended attributes. * extended attributes.
*/ *
final = smack_known_star.smk_known;
break;
case PIPEFS_MAGIC:
/*
* Casey says pipes are easy (?) * Casey says pipes are easy (?)
*
* Socket access is controlled by the socket
* structures associated with the task involved.
*
* Cgroupfs is special
*/ */
final = smack_known_star.smk_known; final = smack_known_star.smk_known;
break; break;
...@@ -2855,13 +2868,6 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) ...@@ -2855,13 +2868,6 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
*/ */
final = ckp->smk_known; final = ckp->smk_known;
break; break;
case SOCKFS_MAGIC:
/*
* Socket access is controlled by the socket
* structures associated with the task involved.
*/
final = smack_known_star.smk_known;
break;
case PROC_SUPER_MAGIC: case PROC_SUPER_MAGIC:
/* /*
* Casey says procfs appears not to care. * Casey says procfs appears not to care.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册