Re: [PATCH 1/2] security/selinux: fix /proc/sys/ labeling

From: Eric W. Biederman
Date: Tue Feb 01 2011 - 14:33:32 EST


Lucian Adrian Grijincu <lucian.grijincu@xxxxxxxxx> writes:

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index e276eb4..5231b95 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -43,7 +43,6 @@
> #include <linux/fdtable.h>
> #include <linux/namei.h>
> #include <linux/mount.h>
> -#include <linux/proc_fs.h>
> #include <linux/netfilter_ipv4.h>
> #include <linux/netfilter_ipv6.h>
> #include <linux/tty.h>
> @@ -70,7 +69,6 @@
> #include <net/ipv6.h>
> #include <linux/hugetlb.h>
> #include <linux/personality.h>
> -#include <linux/sysctl.h>
> #include <linux/audit.h>
> #include <linux/string.h>
> #include <linux/selinux.h>
> @@ -1120,39 +1118,35 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
> }
>
> #ifdef CONFIG_PROC_FS
> -static int selinux_proc_get_sid(struct proc_dir_entry *de,
> +static int selinux_proc_get_sid(struct dentry *dentry,
> u16 tclass,
> u32 *sid)
> {
> - int buflen, rc;
> - char *buffer, *path, *end;
> + int rc;
> + char *buffer, *path;
>
> buffer = (char *)__get_free_page(GFP_KERNEL);
> if (!buffer)
> return -ENOMEM;
>
> - buflen = PAGE_SIZE;
> - end = buffer+buflen;
> - *--end = '\0';
> - buflen--;
> - path = end-1;
> - *path = '/';
> - while (de && de != de->parent) {
> - buflen -= de->namelen + 1;
> - if (buflen < 0)
> - break;
> - end -= de->namelen;
> - memcpy(end, de->name, de->namelen);
> - *--end = '/';
> - path = end;
> - de = de->parent;
> + path = dentry_path_raw(dentry, buffer, PAGE_SIZE);

What kernel has a dentry_path_raw? Perhaps you mean __dentry_path?

> + if (IS_ERR(path))
> + rc = PTR_ERR(path);
> + else {
> + /* each process gets a /proc/PID/ entry. Strip off the
> + * PID part to get a valid selinux labeling.
> + * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
> + while (path[1] >= '0' && path[1] <= '9') {
> + path[1] = '/';
> + path++;
> + }
> + rc = security_genfs_sid("proc", path, tclass, sid);
> }
> - rc = security_genfs_sid("proc", path, tclass, sid);
> free_page((unsigned long)buffer);
> return rc;
> }
> #else
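Review bot: The PID-stripping loop in the `else` branch of selinux_proc_get_sid() removes any run of leading digits after the first `/`, not a whole numeric path component, so a top-level entry whose name only begins with digits would be labeled by the rest of its name (`/1abc` would be looked up as `/abc`). Because the resulting string selects the genfs context, and therefore the label used for access decisions, the strip should happen only when the digit run ends at `/` or at the end of the string. As written, the loop also overwrites each digit with `/`, so security_genfs_sid() receives a path starting with `//`; that is only correct if the callee collapses leading slashes, which is not visible in this hunk, and the version below avoids depending on it. The quoted hunk stops at `#else`, so the non-procfs variant was not reviewed.

```c
	else {
		char *p = path + 1;

		/* Strip a leading /PID component only when it is all digits,
		 * e.g. /1/net/rpc/nfs -> /net/rpc/nfs, /1 -> / */
		while (*p >= '0' && *p <= '9')
			p++;
		if (p > path + 1 && (*p == '/' || *p == '\0')) {
			if (*p == '\0')
				*--p = '/';
			path = p;
		}
		rc = security_genfs_sid("proc", path, tclass, sid);
	}
```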

Eric