[PATCH] sysctl: fix the selinux_sysctl_get_sid
author Eric W. Biederman <ebiederm@xmission.com>
Wed, 14 Feb 2007 08:34:15 +0000 (00:34 -0800)
committer Linus Torvalds <torvalds@woody.linux-foundation.org>
Wed, 14 Feb 2007 16:10:00 +0000 (08:10 -0800)
I goofed when reenabling the fine grained selinux labels for
sysctls and forgot to add the "/sys" prefix before consulting
the policy database.  When computing the same path using
proc_dir_entries we got the "/sys" for free as it was part
of the tree, but it isn't true for ctl_table trees.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
security/selinux/hooks.c

index 118ddfb614eeef678bbb5803338ba1e1668ce082..b8ede1c7607b533699c3161db4f9b756226e464f 100644 (file)
@@ -1451,6 +1451,12 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
                path = end;
                table = table->parent;
        }
+       buflen -= 4;
+       if (buflen < 0)
+               goto out_free;
+       end -= 4;
+       memcpy(end, "/sys", 4);
+       path = end;
        rc = security_genfs_sid("proc", path, tclass, sid);
 out_free:
        free_page((unsigned long)buffer);
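Review bot: the new "goto out_free" taken when buflen < 0 (right after "buflen -= 4;") exits without these lines assigning rc, so the return value for an over-long path depends on whatever rc held earlier in the function. Please confirm it is an error code at that point, or set one explicitly before the jump, so a caller cannot see success with *sid left unset. The literal 4 also appears three times and has to stay in step with the "/sys" string; deriving it once, for example from sizeof("/sys") - 1, and adding a one-line comment that ctl_table trees lack the "/sys" component the genfs lookup expects would make the block easier to maintain.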