git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9cfcac8) | patch
security: make LSMs explicitly mask off permissions
authorEric Paris <eparis@redhat.com>
Fri, 23 Jul 2010 15:43:57 +0000 (11:43 -0400)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:35:07 +0000 (15:35 +1000)
commitd09ca73979460b96d5d4684d588b188be9a1f57d
tree217543affc5c1c76181ffca00c23cfa69f1dd4f6tree | snapshot
parent9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7bcommit | diff
security: make LSMs explicitly mask off permissions

SELinux needs to pass the MAY_ACCESS flag so it can handle auditting
correctly.  Presently the masking of MAY_* flags is done in the VFS.  In
order to allow LSMs to decide what flags they care about and what flags
they don't just pass them all and the each LSM mask off what they don't
need.  This patch should contain no functional changes to either the VFS or
any LSM.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
fs/namei.c diff | blob | history
security/selinux/hooks.c diff | blob | history
security/smack/smack_lsm.c diff | blob | history
Pandora Kernel Repository