*
* Do the capability checks, and require read and write.
*/
-static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp)
+static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp,
+ unsigned int mode)
{
int rc;
- rc = cap_ptrace(ptp, ctp);
+ rc = cap_ptrace(ptp, ctp, mode);
if (rc != 0)
return rc;
*secid = smack_to_secid(smack);
}
-/* module stacking operations */
-
-/**
- * smack_register_security - stack capability module
- * @name: module name
- * @ops: module operations - ignored
- *
- * Allow the capability module to register.
- */
-static int smack_register_security(const char *name,
- struct security_operations *ops)
-{
- if (strcmp(name, "capability") != 0)
- return -EINVAL;
-
- printk(KERN_INFO "%s: Registering secondary module %s\n",
- __func__, name);
-
- return 0;
-}
-
/**
* smack_d_instantiate - Make sure the blob is correct on an inode
* @opt_dentry: unused
*/
final = sbsp->smk_default;
+ /*
+ * If this is the root inode the superblock
+ * may be in the process of initialization.
+ * If that is the case use the root value out
+ * of the superblock.
+ */
+ if (opt_dentry->d_parent == opt_dentry) {
+ isp->smk_inode = sbsp->smk_root;
+ isp->smk_flags |= SMK_INODE_INSTANT;
+ goto unlockandout;
+ }
+
/*
* This is pretty hackish.
* Casey says that we shouldn't have to do
.netlink_send = cap_netlink_send,
.netlink_recv = cap_netlink_recv,
- .register_security = smack_register_security,
-
.d_instantiate = smack_d_instantiate,
.getprocattr = smack_getprocattr,