diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-07-29 14:29:55 +0900 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 15:38:38 +1000 |
| commit | 484ca79c653121d3c79fffb86e1deea724f2e20b (patch) | |
| tree | 457aa73e37c9b5e5b4306430f40d1985b59ca226 /security/tomoyo/mount.c | |
| parent | 4d6ec10bb4461fdc9a9ab94ef32934e13564e873 (diff) | |
TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute
permission and domainname to accept wildcards. But tomoyo_find_next_domain()
was using pathname passed to execve() rather than pathname specified by the
execute permission. As a result, processes were not able to transit to domains
which contain wildcards in their domainnames.
This patch passes pathname specified by the execute permission back to
tomoyo_find_next_domain() so that processes can transit to domains which
contain wildcards in their domainnames.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
| -rw-r--r-- | security/tomoyo/mount.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index cfeff871908e..82bf8c2390bc 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -60,7 +60,7 @@ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r) flags); } -static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r, +static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, const struct tomoyo_acl_info *ptr) { const struct tomoyo_mount_acl *acl = |