
Merge tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
"Two minor code clean-ups: one removes constants left over from the old
mount API, while the other gets rid of an unneeded variable.

The other change fixes a flaw in handling IPv6 labeling"

* tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-next:
smack: cleanup obsolete mount option flags
smack: lsm: remove the unneeded result variable
SMACK: Add sk_clone_security LSM hook

+17 -12
-9
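--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -180,15 +180,6 @@
 struct smack_known *smk_label;
 };
 
-/* Super block security struct flags for mount options */
-#define FSDEFAULT_MNT 0x01
-#define FSFLOOR_MNT 0x02
-#define FSHAT_MNT 0x04
-#define FSROOT_MNT 0x08
-#define FSTRANS_MNT 0x10
-
-#define NUM_SMK_MNT_OPTS 5
-
 enum {
 Opt_error = -1,
 Opt_fsdefault = 0,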
+17 -3
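--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -497,13 +497,11 @@
 */
 static int smack_ptrace_traceme(struct task_struct *ptp)
 {
-int rc;
 struct smack_known *skp;
 
 skp = smk_of_task(smack_cred(current_cred()));
 
-rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
-return rc;
+return smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
 }
 
 /**
@@ -2275,6 +2277,21 @@
 }
 #endif
 kfree(sk->sk_security);
+}
+
+/**
+* smack_sk_clone_security - Copy security context
+* @sk: the old socket
+* @newsk: the new socket
+*
+* Copy the security context of the old socket pointer to the cloned
+*/
+static void smack_sk_clone_security(const struct sock *sk, struct sock *newsk)
+{
+struct socket_smack *ssp_old = sk->sk_security;
+struct socket_smack *ssp_new = newsk->sk_security;
+
+*ssp_new = *ssp_old;
 }
 
 /**
@@ -4895,6 +4882,7 @@
 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
+LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),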
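Review bot: The whole-struct assignment `*ssp_new = *ssp_old;` in smack_sk_clone_security() is a shallow copy that dereferences both security blobs unchecked, and neither assumption is written down. struct socket_smack is not visible in this section, so the copy is presumably safe only because its members are borrowed label pointers and plain state, and because newsk already carries its own blob from the sk_alloc_security hook. If the struct later gains an owned allocation, lock or list head, the clone would alias it across two sockets with independent lifetimes. I would add a comment above the assignment such as `/* shallow copy: socket_smack owns no resources; newsk->sk_security was allocated by sk_alloc_security */`. The kernel-doc body also stops mid-sentence and should read `Copy the security context of the old socket pointer to the cloned socket`.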