summaryrefslogtreecommitdiffstats
path: root/security/smack/smackfs.c
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2013-12-19 13:23:26 -0800
committerCasey Schaufler <casey@schaufler-ca.com>2013-12-23 15:57:43 -0800
commit4afde48be8929b6da63a9e977aaff0894ba82984 (patch)
tree0e2ade1737801dd3a378278efabaaeaa7678cff5 /security/smack/smackfs.c
parent00f84f3f2e9d088f06722f4351d67f5f577abe22 (diff)
downloadlinux-stable-4afde48be8929b6da63a9e977aaff0894ba82984.tar.gz
linux-stable-4afde48be8929b6da63a9e977aaff0894ba82984.tar.bz2
linux-stable-4afde48be8929b6da63a9e977aaff0894ba82984.zip
Smack: change rule cap check
smk_write_change_rule() is calling capable rather than the more correct smack_privileged(). This allows for setting rules in violation of the onlycap facility. This is the simple repair. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smackfs.c')
-rw-r--r--security/smack/smackfs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index f5a6bb8e2828..3198cfe1dcc6 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2152,7 +2152,7 @@ static ssize_t smk_write_change_rule(struct file *file, const char __user *buf,
/*
* Must have privilege.
*/
- if (!capable(CAP_MAC_ADMIN))
+ if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
return smk_write_rules_list(file, buf, count, ppos, NULL, NULL,