From 668678185247303450e60df14569f94cf5775fea Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 11 Mar 2014 17:07:06 +0100 Subject: Smack: adds smackfs/ptrace interface This allows to limit ptrace beyond the regular smack access rules. It adds a smackfs/ptrace interface that allows smack to be configured to require equal smack labels for PTRACE_MODE_ATTACH access. See the changes in Documentation/security/Smack.txt below for details. Signed-off-by: Lukasz Pawelczyk Signed-off-by: Rafal Krypa --- security/smack/smack_access.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'security/smack/smack_access.c') diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index f161debed02b..c062e9467b62 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -304,7 +304,10 @@ static void smack_log_callback(struct audit_buffer *ab, void *a) audit_log_untrustedstring(ab, sad->subject); audit_log_format(ab, " object="); audit_log_untrustedstring(ab, sad->object); - audit_log_format(ab, " requested=%s", sad->request); + if (sad->request[0] == '\0') + audit_log_format(ab, " labels_differ"); + else + audit_log_format(ab, " requested=%s", sad->request); } /** -- cgit v1.2.3