summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/file.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-06-26 23:19:52 +0900
committerJames Morris <jmorris@namei.org>2011-06-29 09:31:21 +1000
commitbd03a3e4c9a9df0c6b007045fa7fc8889111a478 (patch)
tree9d78290c878e6466fe3e0bda7ee5989c0dc39e40 /security/tomoyo/file.c
parent32997144fd9925fc4d506a16990a0c405f766526 (diff)
downloadlinux-bd03a3e4c9a9df0c6b007045fa7fc8889111a478.tar.gz
linux-bd03a3e4c9a9df0c6b007045fa7fc8889111a478.tar.bz2
linux-bd03a3e4c9a9df0c6b007045fa7fc8889111a478.zip
TOMOYO: Add policy namespace support.
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r--security/tomoyo/file.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 4f8526af9069..323ddc73a125 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -603,7 +603,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
int error;
r->type = tomoyo_p2mac[operation];
- r->mode = tomoyo_get_mode(r->profile, r->type);
+ r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
if (r->mode == TOMOYO_CONFIG_DISABLED)
return 0;
r->param_type = TOMOYO_TYPE_PATH_ACL;