summaryrefslogtreecommitdiff
path: root/security/smack/smack_lsm.c
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2013-12-23 11:07:10 -0800
committerCasey Schaufler <casey@schaufler-ca.com>2013-12-23 15:50:55 -0800
commit00f84f3f2e9d088f06722f4351d67f5f577abe22 (patch)
tree06ac369a9dac582d9d9710aba38c684f048774ba /security/smack/smack_lsm.c
parent19760ad03cc639d6f6f8e9beff0f8e6df654b677 (diff)
Smack: Make the syslog control configurable
The syslog control requires that the calling proccess have the floor ("_") Smack label. Tizen does not run any processes except for kernel helpers with the floor label. This changes allows the admin to configure a specific label for syslog. The default value is the star ("*") label, effectively removing the restriction. The value can be set using smackfs/syslog for anyone who wants a more restrictive behavior. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r--security/smack/smack_lsm.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 62ebf4f8a6c7..67b7381d0244 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -219,8 +219,6 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
* smack_syslog - Smack approval on syslog
* @type: message type
*
- * Require that the task has the floor label
- *
* Returns 0 on success, error code otherwise.
*/
static int smack_syslog(int typefrom_file)
@@ -231,7 +229,7 @@ static int smack_syslog(int typefrom_file)
if (smack_privileged(CAP_MAC_OVERRIDE))
return 0;
- if (skp != &smack_known_floor)
+ if (smack_syslog_label != NULL && smack_syslog_label != skp)
rc = -EACCES;
return rc;