This change has two goals:
- delay the setting of 'smack_enabled' until
it will be really effective
- ensure that smackfs is valid only if 'smack_enabled'
is set (it is already the case in smack_netfilter.c)
Signed-off-by: José Bollo
---
security/smack/smack_lsm.
The function strncpy was copying an extra character
when i == len (what is possible via revoke interface).
Change-Id: Ic7452da05773e620a1d7bbc55e859c25a86c65f6
Signed-off-by: José Bollo
Signed-off-by: Stephane Desneux
---
security/smack/smack_access.c | 2 +-
1 file changed, 1 insertion(+), 1
are allowing either a centralized service
for tagging processes or a fork/exec model.
A such module can be easily used as part of a cynara like
authorisation system.
LINKS
=
[1] https://wiki.tizen.org/wiki/Security
[2] https://wiki.tizen.org/wiki/Security/Tizen_3.X_Cynara
[3] https://gi
g the tag "smack-tags:keep-all" keep all there tags;
- otherwise, processes having "smack-tags:keep" keep the tags that are
not specials;
- otherwise, processes lose all their tags.
Because changes only occur through tag files accesses, the notifications
might be available
tem.
LINKS
=
[1] https://wiki.tizen.org/wiki/Security
[2] https://wiki.tizen.org/wiki/Security/Tizen_3.X_Cynara
[3] https://github.com/jobol/keyzen
[4] https://archive.fosdem.org/2015/schedule/event/sec_enforcement/
José Bollo (1):
Tags: Adding tagging feature to security modules
here tags;
- otherwise, processes having "tags:keep" keep the tags that are
not specials;
- otherwise, processes only keep tags that are prefixed with the
character * (star).
Because changes only occur through tag files accesses, the
notifications might be available to any possible
I prefer the use of sizeof that can't be faked even by error but why not
Le dimanche 03 janvier 2016 à 20:56 +0100, Toralf Förster a écrit :
> use the definition in include/uapi/linux/xattr.h
>
> Signed-off-by: Toralf Förster
> ---
> fs/ext4/xattr_security.c | 2 +-
> 1 file changed, 1 insertio