2006-09-18 18:49:07

by Kylene Jo Hall

Subject: [PATCH] slim: secfs inode->i_private build fix

Due to the change from inode->u.generic_ip to inode->i_private in the mm
tree, the slim securityfs file had a compilation error. This minor
patch fixes this issue.

Signed-off-by: Mimi Zohar<[email protected]>
Signed-off-by: Kylene Hall<[email protected]>
---
security/slim/slm_secfs.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

Index: linux-2.6.18-rc6-mm2/security/slim/slm_main.c
===================================================================
--- linux-2.6.18-rc6-mm2.orig/security/slim/slm_main.c
+++ linux-2.6.18-rc6-mm2/security/slim/slm_main.c
@@ -29,6 +29,8 @@

#include "slim.h"

+extern struct security_operations dummy_security_ops;
+
unsigned int slm_debug = SLM_BASE;
#define XATTR_NAME "security.slim.level"
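Review bot: The `extern struct security_operations dummy_security_ops;` declaration is added directly in slm_main.c, where the compiler cannot check it against the symbol's definition. It would be better placed in a header shared with the defining file, so that a type change fails the build instead of silently mismatching. A one-line comment such as `/* default LSM hooks; slm_task_post_setuid() chains to its task_post_setuid */` would also explain why SLIM reaches into the dummy ops. If SLIM can be built as a module, the symbol presumably also needs to be exported, which this hunk does not show.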

@@ -1196,43 +1199,48 @@ static int slm_task_post_setuid(uid_t ol
uid_t old_suid, int flags)
{
struct slm_tsec_data *cur_tsec = current->security;
+ int rc;

- if (cur_tsec && flags == LSM_SETID_ID) {
- /*set process to USER level integrity for everything but root */
- dprintk(SLM_VERBOSE, "ruid %d euid %d suid %d "
- "cur: uid %d euid %d suid %d\n",
+ /*set process to USER level integrity for everything but root */
+ dprintk(SLM_VERBOSE, "ruid %d euid %d suid %d "
+ "cur: uid %d euid %d suid %d "
+ "permitted %x effective %x\n",
old_ruid, old_euid, old_suid,
- current->uid, current->euid, current->suid);
- spin_lock(&cur_tsec->lock);
- if ((cur_tsec->iac_r == cur_tsec->iac_wx)
- && (cur_tsec->iac_r == SLM_IAC_UNTRUSTED)) {
- dprintk(SLM_INTEGRITY,
- "Integrity: pid %d iac_r %d "
- " iac_wx %d remains UNTRUSTED\n",
- current->pid, cur_tsec->iac_r,
- cur_tsec->iac_wx);
- } else if (current->suid != 0) {
- dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
- " iac_wx %d to USER\n",
- current->pid, cur_tsec->iac_r,
- cur_tsec->iac_wx);
- cur_tsec->iac_r = SLM_IAC_USER;
- cur_tsec->iac_wx = SLM_IAC_USER;
- } else if ((current->uid == 0) && (old_ruid != 0)) {
- dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
- " iac_wx %d to SYSTEM\n",
- current->pid, cur_tsec->iac_r,
- cur_tsec->iac_wx);
- cur_tsec->iac_r = SLM_IAC_SYSTEM;
- cur_tsec->iac_wx = SLM_IAC_SYSTEM;
- } else
- dprintk(SLM_INTEGRITY, "%s: pid %d iac_r %d "
- " iac_wx %d \n", __FUNCTION__,
- current->pid, cur_tsec->iac_r,
- cur_tsec->iac_wx);
- spin_unlock(&cur_tsec->lock);
- }
- return 0;
+ current->uid, current->euid, current->suid,
+ current->cap_permitted, current->cap_effective);
+ rc = dummy_security_ops.task_post_setuid(old_ruid, old_euid,
+ old_suid, flags);
+ spin_lock(&cur_tsec->lock);
+ if ((cur_tsec->iac_r == cur_tsec->iac_wx)
+ && (cur_tsec->iac_r == SLM_IAC_UNTRUSTED)) {
+ dprintk(SLM_INTEGRITY,
+ "Integrity: pid %d iac_r %d "
+ " iac_wx %d remains UNTRUSTED\n",
+ current->pid, cur_tsec->iac_r,
+ cur_tsec->iac_wx);
+ current->cap_permitted = 0;
+ current->cap_effective = 0;
+ } else if (current->suid != 0) {
+ dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
+ " iac_wx %d to USER\n",
+ current->pid, cur_tsec->iac_r,
+ cur_tsec->iac_wx);
+ cur_tsec->iac_r = SLM_IAC_USER;
+ cur_tsec->iac_wx = SLM_IAC_USER;
+ } else if ((current->uid == 0) && (old_ruid != 0)) {
+ dprintk(SLM_INTEGRITY, "setting: pid %d iac_r %d "
+ " iac_wx %d to SYSTEM\n",
+ current->pid, cur_tsec->iac_r,
+ cur_tsec->iac_wx);
+ cur_tsec->iac_r = SLM_IAC_SYSTEM;
+ cur_tsec->iac_wx = SLM_IAC_SYSTEM;
+ } else
+ dprintk(SLM_INTEGRITY, "%s: pid %d iac_r %d "
+ " iac_wx %d \n", __FUNCTION__,
+ current->pid, cur_tsec->iac_r,
+ cur_tsec->iac_wx);
+ spin_unlock(&cur_tsec->lock);
+ return rc;
}

static inline int slm_setprocattr(struct task_struct *tsk,
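Review bot: The rewritten body no longer checks `cur_tsec` before `spin_lock(&cur_tsec->lock)`, so a task whose `current->security` is NULL would dereference a null pointer in this hook; the removed code guarded this with `if (cur_tsec && flags == LSM_SETID_ID)`. Unless every task is guaranteed to carry SLIM state by this point, keep an early exit right after the `dummy_security_ops.task_post_setuid()` call, e.g. `if (!cur_tsec) return rc;`. The `flags == LSM_SETID_ID` filter is dropped as well, so the USER/SYSTEM level transitions now run for every setid variant that reaches the hook; if that is intended it deserves a comment such as `/* applies to all LSM_SETID_* callers, not only setuid() */`. In the UNTRUSTED branch, `cap_clear(current->cap_permitted); cap_clear(current->cap_effective);` would be safer than assigning `0` to a `kernel_cap_t`, and `cap_inheritable` appears to be left untouched. The function's signature begins above the hunk.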





2006-09-18 19:04:09

by Kylene Jo Hall

Subject: Re: [PATCH] slim: secfs inode->i_private build fix

Included the wrong patch the first time. Here is the correct patch.

Due to the change from inode->u.generic_ip to inode->i_private in the mm
tree, the slim securityfs file had a compilation error. This minor
patch fixes this issue.

Signed-off-by: Mimi Zohar<[email protected]>
Signed-off-by: Kylene Hall<[email protected]>
---
security/slim/slm_secfs.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

--- linux-2.6.18-rc6-mm2/security/slim/slm_secfs.c 2006-09-15 11:14:07.000000000 -0500
+++ linux-2.6.18-rc6-mm2-slim/security/slim/slm_secfs.c 2006-09-18 11:42:23.000000000 -0500
@@ -45,8 +45,8 @@ static ssize_t slm_read_level(struct fil

static int slm_open_debug(struct inode *inode, struct file *file)
{
- if (inode->u.generic_ip)
- file->private_data = inode->u.generic_ip;
+ if (inode->i_private)
+ file->private_data = inode->i_private;
return 0;
}