The Security IDentifier to be associated to the newly created file
descriptor is computed from the credentials set in the 'f_cred' field of
the same structure instead of those relative to the 'current' process.
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
---
security/selinux/hooks.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0346d26..aff2d59 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -229,7 +229,7 @@ static void inode_free_security(struct inode *inode)
static int file_alloc_security(struct file *file)
{
struct file_security_struct *fsec;
- u32 sid = current_sid();
+ u32 sid = cred_sid(file->f_cred);
fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
if (!fsec)
--
1.7.2.3
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
