diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2013-12-23 11:07:10 -0800 |
|---|---|---|
| committer | Chanho Park <chanho61.park@samsung.com> | 2014-11-18 11:46:07 +0900 |
| commit | 3a3f16d56f189987dc47918d5ee093f9ac4c8a42 (patch) | |
| tree | 6a957f95c76afe7a2674cd9e5d439d6aadd9d438 /security/smack/smack_lsm.c | |
| parent | a54216436ae264432562965e7630ae0ff52719ea (diff) | |
| download | linux-3.10-3a3f16d56f189987dc47918d5ee093f9ac4c8a42.tar.gz linux-3.10-3a3f16d56f189987dc47918d5ee093f9ac4c8a42.tar.bz2 linux-3.10-3a3f16d56f189987dc47918d5ee093f9ac4c8a42.zip | |
Smack: Make the syslog control configurable
The syslog control requires that the calling proccess
have the floor ("_") Smack label. Tizen does not run any
processes except for kernel helpers with the floor label.
This changes allows the admin to configure a specific
label for syslog. The default value is the star ("*")
label, effectively removing the restriction. The value
can be set using smackfs/syslog for anyone who wants
a more restrictive behavior.
Change-Id: Ia4270bf8864bd8342e585bbdd4791fb8359e8916
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ćukasz Stelmach <l.stelmach@samsung.com>
Diffstat (limited to 'security/smack/smack_lsm.c')
| -rw-r--r-- | security/smack/smack_lsm.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f01cf51f25..cdbf92b34e7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -219,8 +219,6 @@ static int smack_ptrace_traceme(struct task_struct *ptp) * smack_syslog - Smack approval on syslog * @type: message type * - * Require that the task has the floor label - * * Returns 0 on success, error code otherwise. */ static int smack_syslog(int typefrom_file) @@ -231,7 +229,7 @@ static int smack_syslog(int typefrom_file) if (smack_privileged(CAP_MAC_OVERRIDE)) return 0; - if (skp != &smack_known_floor) + if (smack_syslog_label != NULL && smack_syslog_label != skp) rc = -EACCES; return rc; |