X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=security%2Fsmack%2Fsmackfs.c;h=271a835fbbe3f72f4e5465cbf84b9b271fa7e77a;hb=51597acfd3c09073aeea94a0e6f76a931f8c22d2;hp=cfae8afcc262d9fd9e18e3b79f45b5a3f4598bd8;hpb=7529963cb9c5db6821f0a00fc8426ebed79fc2e0;p=linux-2.6 diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index cfae8afcc2..271a835fbb 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -317,13 +317,14 @@ static const struct file_operations smk_load_ops = { /** * smk_cipso_doi - initialize the CIPSO domain */ -void smk_cipso_doi(void) +static void smk_cipso_doi(void) { int rc; struct cipso_v4_doi *doip; struct netlbl_audit audit_info; audit_info.loginuid = audit_get_loginuid(current); + audit_info.sessionid = audit_get_sessionid(current); audit_info.secid = smack_to_secid(current->security); rc = netlbl_cfg_map_del(NULL, &audit_info); @@ -350,12 +351,13 @@ void smk_cipso_doi(void) /** * smk_unlbl_ambient - initialize the unlabeled domain */ -void smk_unlbl_ambient(char *oldambient) +static void smk_unlbl_ambient(char *oldambient) { int rc; struct netlbl_audit audit_info; audit_info.loginuid = audit_get_loginuid(current); + audit_info.sessionid = audit_get_sessionid(current); audit_info.secid = smack_to_secid(current->security); if (oldambient != NULL) { @@ -965,12 +967,21 @@ static struct vfsmount *smackfs_mount; * * register the smackfs * - * Returns 0 unless the registration fails. + * Do not register smackfs if Smack wasn't enabled + * on boot. We can not put this method normally under the + * smack_init() code path since the security subsystem get + * initialized before the vfs caches. + * + * Returns true if we were not chosen on boot or if + * we were chosen and filesystem registration succeeded. */ static int __init init_smk_fs(void) { int err; + if (!security_module_enable(&smack_ops)) + return 0; + err = register_filesystem(&smk_fs_type); if (!err) { smackfs_mount = kern_mount(&smk_fs_type);