[PATCH 40/97] Smack: Restore the release_secctx hook
Casey Schaufler
casey at schaufler-ca.com
Thu Feb 28 22:18:36 UTC 2019
The secid_to_secctx() hook has to be balanced with a release_secctx
hook for stacking. This hook does nothing.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
security/smack/smack_lsm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 37b0ef6ca767..2695bd373752 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4385,10 +4385,11 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen,
}
/*
- * There used to be a smack_release_secctx hook
- * that did nothing back when hooks were in a vector.
- * Now that there's a list such a hook adds cost.
+ * There smack_release_secctx hook does nothing
*/
+static void smack_release_secctx(char *secdata, u32 seclen)
+{
+}
static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
@@ -4625,6 +4626,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
+ LSM_HOOK_INIT(release_secctx, smack_release_secctx),
LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
--
2.17.0
More information about the Linux-security-module-archive
mailing list