path: root/security/smack/smack.h
diff options
authorCasey Schaufler <casey@schaufler-ca.com>2013-12-23 11:07:10 -0800
committerCasey Schaufler <casey@schaufler-ca.com>2013-12-23 15:50:55 -0800
commit00f84f3f2e9d088f06722f4351d67f5f577abe22 (patch)
tree06ac369a9dac582d9d9710aba38c684f048774ba /security/smack/smack.h
parent19760ad03cc639d6f6f8e9beff0f8e6df654b677 (diff)
Smack: Make the syslog control configurable
The syslog control requires that the calling proccess have the floor ("_") Smack label. Tizen does not run any processes except for kernel helpers with the floor label. This changes allows the admin to configure a specific label for syslog. The default value is the star ("*") label, effectively removing the restriction. The value can be set using smackfs/syslog for anyone who wants a more restrictive behavior. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
1 files changed, 3 insertions, 2 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 364cc64fce71..d072fd32212d 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -241,7 +241,8 @@ u32 smack_to_secid(const char *);
extern int smack_cipso_direct;
extern int smack_cipso_mapped;
extern struct smack_known *smack_net_ambient;
-extern char *smack_onlycap;
+extern struct smack_known *smack_onlycap;
+extern struct smack_known *smack_syslog_label;
extern const char *smack_cipso_option;
extern struct smack_known smack_known_floor;
@@ -312,7 +313,7 @@ static inline int smack_privileged(int cap)
if (!capable(cap))
return 0;
- if (smack_onlycap == NULL || smack_onlycap == skp->smk_known)
+ if (smack_onlycap == NULL || smack_onlycap == skp)
return 1;
return 0;