Re: [PATCH] selinux: correctly label /proc inodes in use before the policy is loaded

On Wednesday, March 05, 2014 01:40:22 PM Eric Paris wrote:
> On Wed, 2014-03-05 at 12:31 -0500, Stephen Smalley wrote:
> > On 03/05/2014 11:44 AM, Paul Moore wrote:
> > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > > index 57b0b49..d554e7e 100644
> > > --- a/security/selinux/hooks.c
> > > +++ b/security/selinux/hooks.c
> > > @@ -1419,15 +1419,32 @@ static int inode_doinit_with_dentry(struct inode
> > > *inode, struct dentry *opt_dent> > 
> > >  		isec->sid = sbsec->sid;
> > >  		
> > >  		if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
> > > 
> > > -			if (opt_dentry) {
> > > -				isec->sclass = inode_mode_to_security_class(inode-
>i_mode);
> > > -				rc = selinux_proc_get_sid(opt_dentry,
> > > -							  isec->sclass,
> > > -							  &sid);
> > > -				if (rc)
> > > -					goto out_unlock;
> > > -				isec->sid = sid;
> > > -			}
> > > +			/* Need a dentry, since the procfs API requires one. */
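Review bot: The comment added at the top of the SE_SBPROC branch says a dentry is needed but does not say what label the inode is left with when none can be found. In the removed lines a NULL opt_dentry skipped selinux_proc_get_sid() without any indication and left isec->sid at sbsec->sid, so the comment should state the no-dentry outcome explicitly. The phrase "the procfs API requires one" also names the wrong layer, since the removed lines pass the dentry to selinux_proc_get_sid(opt_dentry, isec->sclass, &sid); a wording that ties the requirement to determining the procfs label would match the code.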
> > 
> > Comment isn't accurate; unlike the xattr case where the dentry
> > requirement originates from the ->getxattr API, here we need a dentry
> > for our own internal selinux_proc_get_sid() helper.  Otherwise, looks
> > fine.
> 
> I guess I could have written that comment better...
> 
> /* We must have a dentry to determine the label on procfs inodes */
> 
> With a comment change like that
> 
> Acked-by: Eric Paris <eparis@xxxxxxxxxx>

Updated.  I'll push it to next later today.

-- 
paul moore
security and virtualization @ redhat
