tomoyo_dentry_open() must use the credentials it is given, not current's credentials.

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---
 security/tomoyo/tomoyo.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 95d3f95..9d3a828 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -187,7 +187,7 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 /* Don't check read permission here if called from do_execve(). */
 if (current->in_execve)
 return 0;
- return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
+ return tomoyo_check_open_permission(cred->security, &f->f_path, flags);
 }

 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
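Review bot: The `current->in_execve` early return directly above the changed line still keys off the calling task, while the permission check now uses the domain from the `cred` argument. When the two differ, the read check is skipped because of the state of a task whose domain is not the one being evaluated. Whether that is intended cannot be told from the hunk, so it deserves either a guard or a comment. The new call also passes the untyped `cred->security` straight through as the domain, which presumably relies on every cred that reaches this hook carrying a TOMOYO domain pointer. I would record that above the return, e.g. `/* Check the opener's domain: cred may differ from current's and is assumed to carry a TOMOYO domain. */`. The body of tomoyo_dentry_open() starts outside the hunk, so the origin of `flags` is not visible here.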