selinux: fix labeling of /proc/net inodes
The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials.  Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Stephen Smalley authored and James Morris committed Jan 26, 2008
1 parent 99f1c97 commit b1aa530
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions security/selinux/ss/services.c
Expand Up @@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstype,
struct ocontext *c;
int rc = 0, cmp = 0;

while (path[0] == '/' && path[1] == '/')
path++;

POLICY_RDLOCK;

for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
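Review bot: the new `while (path[0] == '/' && path[1] == '/')` loop ahead of POLICY_RDLOCK has no comment, so nothing in services.c records why a doubled leading slash can reach security_genfs_sid. A one-line comment naming selinux_proc_get_sid and the "//net/..." form from the commit message would keep a later cleanup from dropping it and reintroducing the mislabeling. The loop also only collapses the leading run of slashes; a repeated '/' further into the path is passed through unchanged. Since the extra slash originates in the caller, consider building the path there without it as well, so the security server is not the only place that normalizes its input.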