Merge branch 'linus' into x86/memory-corruption-check

author: Ingo Molnar <mingo@elte.hu> 2008-10-12 15:05:39 +0200
committer: Ingo Molnar <mingo@elte.hu> 2008-10-12 15:05:39 +0200
commit: a9b9e81c915e4a57ac3b21d1a7fa7ff184639780 (patch)
tree: 98304395fbb5b9c74fca35b196cd414c1949f280 /security/smack/smack_access.c
parent: a8b71a2810386a5ac8f43d2095fe3355f0d8db37 (diff)
parent: fd048088306656824958e7783ffcee27e241b361 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index f6b5f6eed6dd..79ff21ed4c3b 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -157,7 +157,7 @@ int smk_access(char *subject_label, char *object_label, int request)
  *
  * This function checks the current subject label/object label pair
  * in the access rule list and returns 0 if the access is permitted,
- * non zero otherwise. It allows that current my have the capability
+ * non zero otherwise. It allows that current may have the capability
  * to override the rules.
  */
 int smk_curacc(char *obj_label, u32 mode)
@@ -168,6 +168,14 @@ int smk_curacc(char *obj_label, u32 mode)
 	if (rc == 0)
 		return 0;
 
+	/*
+	 * Return if a specific label has been designated as the
+	 * only one that gets privilege and current does not
+	 * have that label.
+	 */
+	if (smack_onlycap != NULL && smack_onlycap != current->security)
+		return rc;
+
 	if (capable(CAP_MAC_OVERRIDE))
 		return 0;
author	Ingo Molnar <mingo@elte.hu>	2008-10-12 15:05:39 +0200
committer	Ingo Molnar <mingo@elte.hu>	2008-10-12 15:05:39 +0200
commit	a9b9e81c915e4a57ac3b21d1a7fa7ff184639780 (patch)
tree	98304395fbb5b9c74fca35b196cd414c1949f280 /security/smack/smack_access.c
parent	a8b71a2810386a5ac8f43d2095fe3355f0d8db37 (diff)
parent	fd048088306656824958e7783ffcee27e241b361 (diff)