From a4054b6b20e9c2cca63715a319759bf8d37d82fc Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 20 Nov 2009 09:12:22 -0800 Subject: security/tomoyo: Add a special case to handle accesses through the internal proc mount. With the change of sys_sysctl going through the internal proc mount we no longer need to handle security_sysctl in tomoyo as we have valid pathnames for all sysctl accesses. There is one slight caveat to that in that all of the paths from the internal mount look like "/sys/net/ipv4/ip_local_port_range" instead of "/proc/sys/net/ipv4/ip_local_port_range" so tomoyo needs to add the "/proc" portion manually when resolving to full path names to get what it expects. This change teaches tomoyo perform that modification. Acked-by: Tetsuo Handa Acked-by: John Johansen Signed-off-by: Eric W. Biederman
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 5f2e332..0b55faa 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -108,6 +108,15 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
 spin_unlock(&dcache_lock);
 path_put(&root);
 path_put(&ns_root);
+ /* Prepend "/proc" prefix if using internal proc vfs mount. */
+ if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) &&
+ (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) {
+ sp -= 5;
+ if (sp >= newname)
+ memcpy(sp, "/proc", 5);
+ else
+ sp = ERR_PTR(-ENOMEM);
+ }
 }
 if (IS_ERR(sp))
 error = PTR_ERR(sp);
-- cgit v0.10.2
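Review bot: `sp -= 5` runs before the bounds check, so when fewer than five bytes remain in front of the resolved path the pointer is moved below `newname` and only then compared; forming a pointer before the start of the buffer is undefined behaviour in C, and a compiler is allowed to assume the comparison holds. Checking the headroom first avoids that: `if (sp - newname < 5) sp = ERR_PTR(-ENOMEM);` `else { sp -= 5; memcpy(sp, "/proc", 5); }`. The literal 5 appears twice and is tied to the string only by convention; a `sizeof("/proc") - 1` constant would keep the two in step. Since TOMOYO matches policy on the resulting string, a short comment on why `mnt_parent == mnt` together with the "proc" type name is enough to identify the internal mount would also help. The rest of tomoyo_realpath_from_path2 lies outside the hunk.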