review.tizen.org Git - kernel/kernel-generic.git/commit

Smack: Implement lock security mode

Linux file locking does not follow the same rules
as other mechanisms. Even though it is a write operation
a process can set a read lock on files which it has open
only for read access. Two programs with read access to
a file can use read locks to communicate.

This is not acceptable in a Mandatory Access Control
environment. Smack treats setting a read lock as the
write operation that it is. Unfortunately, many programs
assume that setting a read lock is a read operation.
These programs are unhappy in the Smack environment.

This patch introduces a new access mode (lock) to address
this problem. A process with lock access to a file can
set a read lock. A process with write access to a file can
set a read lock or a write lock. This prevents a situation
where processes are granted write access just so they can
set read locks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

author	Casey Schaufler <casey@schaufler-ca.com>
	Sat, 12 Oct 2013 01:06:39 +0000 (18:06 -0700)
committer	Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
	Tue, 10 Dec 2013 09:41:18 +0000 (11:41 +0200)
commit	15a273741dbb1cee62360f923d2ee428d5ec1d65
tree	8bedc788a2a30d8a72f4e33147b56a9b789d8b94	tree \| snapshot
parent	58f9820be429f21ec6b3a2288da4504fa8c42de6	commit \| diff

security/smack/smack.h		diff \| blob \| history
security/smack/smack_access.c		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history