]> err.no Git - linux-2.6/commitdiff
projects / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d34d7ae)
[PATCH] selinux: MLS compatibility
authorStephen Smalley <sds@tycho.nsa.gov>
Wed, 9 Nov 2005 05:34:32 +0000 (21:34 -0800)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 9 Nov 2005 15:55:51 +0000 (07:55 -0800)
This patch enables files created on a MLS-enabled SELinux system to be
accessible on a non-MLS SELinux system, by skipping the MLS component of
the security context in the non-MLS case.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
security/selinux/ss/mls.c patch | blob | history

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index aaefac2921f1d94cedbd33f29afa631796e28503..640d0bfdbc6819e4ffa7845f1e10e92b5640e14a 100644 (file)
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
        struct cat_datum *catdatum, *rngdatum;
        int l, rc = -EINVAL;
 
-       if (!selinux_mls_enabled)
+       if (!selinux_mls_enabled) {
+               if (def_sid != SECSID_NULL && oldc)
+                       *scontext += strlen(*scontext);
                return 0;
+       }
 
        /*
         * No MLS component to the security context, try and map to
Linux 2.6 source tree