diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 6 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/common.c | 1 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 23 |
4 files changed, 9 insertions, 23 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index db0fd9f33499..989fef82563a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -337,7 +337,7 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) * Look up an AVC entry that is valid for the * (@ssid, @tsid), interpreting the permissions * based on @tclass. If a valid AVC entry exists, - * then this function return the avc_node. + * then this function returns the avc_node. * Otherwise, this function returns NULL. */ static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) @@ -523,7 +523,7 @@ void avc_audit(u32 ssid, u32 tsid, * @perms: permissions * * Register a callback function for events in the set @events - * related to the SID pair (@ssid, @tsid) and + * related to the SID pair (@ssid, @tsid) * and the permissions @perms, interpreting * @perms based on @tclass. Returns %0 on success or * -%ENOMEM if insufficient memory exists to add the callback. @@ -568,7 +568,7 @@ static inline int avc_sidcmp(u32 x, u32 y) * * if a valid AVC entry doesn't exist,this function returns -ENOENT. * if kmalloc() called internal returns NULL, this function returns -ENOMEM. - * otherwise, this function update the AVC entry. The original AVC-entry object + * otherwise, this function updates the AVC entry. The original AVC-entry object * will release later by RCU. */ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a5721b373f53..5225e668dbf0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -387,7 +387,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) struct smk_audit_info ad; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); - smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); + smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); smk_ad_setfield_u_fs_path_mnt(&ad, mnt); sbp = mnt->mnt_sb->s_security; diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 8ccf12997378..588f36a9337e 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); if (!tomoyo_memory_ok(ptr)) { kfree(ptr); + ptr = NULL; goto ok; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index c00df45c7ede..cf7d61f781b9 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -88,29 +88,14 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, sp = dentry->d_op->d_dname(dentry, newname + offset, newname_len - offset); } else { - /* Taken from d_namespace_path(). */ - struct path root; - struct path ns_root = { }; - struct path tmp; + struct path ns_root = {.mnt = NULL, .dentry = NULL}; - read_lock(¤t->fs->lock); - root = current->fs->root; - path_get(&root); - read_unlock(¤t->fs->lock); - spin_lock(&vfsmount_lock); - if (root.mnt && root.mnt->mnt_ns) - ns_root.mnt = mntget(root.mnt->mnt_ns->root); - if (ns_root.mnt) - ns_root.dentry = dget(ns_root.mnt->mnt_root); - spin_unlock(&vfsmount_lock); spin_lock(&dcache_lock); - tmp = ns_root; - sp = __d_path(path, &tmp, newname, newname_len); + /* go to whatever namespace root we are under */ + sp = __d_path(path, &ns_root, newname, newname_len); spin_unlock(&dcache_lock); - path_put(&root); - path_put(&ns_root); /* Prepend "/proc" prefix if using internal proc vfs mount. */ - if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && + if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) && (path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) { sp -= 5; if (sp >= newname) |