diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-11-09 05:34:32 (GMT) |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-11-09 15:55:51 (GMT) |
commit | e517a0cd859ae0c4d9451107113fc2b076456f8f (patch) | |
tree | cf1c23d7d6715267ff7ee2b3dd5ba1c5ea8c0345 | |
parent | d34d7ae266b23932809c43f115fda71fc5e5fcb1 (diff) | |
download | linux-e517a0cd859ae0c4d9451107113fc2b076456f8f.tar.xz |
[PATCH] selinux: MLS compatibility
This patch enables files created on a MLS-enabled SELinux system to be
accessible on a non-MLS SELinux system, by skipping the MLS component of
the security context in the non-MLS case.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/selinux/ss/mls.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index aaefac2..640d0bf 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc, struct cat_datum *catdatum, *rngdatum; int l, rc = -EINVAL; - if (!selinux_mls_enabled) + if (!selinux_mls_enabled) { + if (def_sid != SECSID_NULL && oldc) + *scontext += strlen(*scontext); return 0; + } /* * No MLS component to the security context, try and map to |