Commit 74a0f845 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-next 

Pull smack updates from Casey Schaufler:
 "Two minor code clean-ups: one removes constants left over from the old
  mount API, while the other gets rid of an unneeded variable.

  The other change fixes a flaw in handling IPv6 labeling"

* tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-next:
  smack: cleanup obsolete mount option flags
  smack: lsm: remove the unneeded result variable
  SMACK: Add sk_clone_security LSM hook
parents d0989d01 cc71271f

security/smack/smack.h

+0 −9
Original line number Diff line number Diff line
@@ -180,15 +180,6 @@ struct smack_known_list_elem { 
	struct smack_known	*smk_label;

};



/* Super block security struct flags for mount options */

#define FSDEFAULT_MNT	0x01

#define FSFLOOR_MNT	0x02

#define FSHAT_MNT	0x04

#define FSROOT_MNT	0x08

#define FSTRANS_MNT	0x10



#define NUM_SMK_MNT_OPTS	5



enum {

	Opt_error = -1,

	Opt_fsdefault = 0,

security/smack/smack_lsm.c

+17 −3
Original line number Diff line number Diff line
@@ -497,13 +497,11 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 
 */

static int smack_ptrace_traceme(struct task_struct *ptp)

{

	int rc;

	struct smack_known *skp;



	skp = smk_of_task(smack_cred(current_cred()));



	rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);

	return rc;

	return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);

}



/**
@@ -2279,6 +2277,21 @@ static void smack_sk_free_security(struct sock *sk) 
	kfree(sk->sk_security);

}



/**

 * smack_sk_clone_security - Copy security context

 * @sk: the old socket

 * @newsk: the new socket

 *

 * Copy the security context of the old socket pointer to the cloned

 */

static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)

{

	struct socket_smack *ssp_old = sk->sk_security;

	struct socket_smack *ssp_new = newsk->sk_security;



	*ssp_new = *ssp_old;

}



/**

* smack_ipv4host_label - check host based restrictions

* @sip: the object end
@@ -4882,6 +4895,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { 
	LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),

	LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),

	LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),

	LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),

	LSM_HOOK_INIT(sock_graft, smack_sock_graft),

	LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),

	LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),