TOMOYO: Use pathname specified by policy rather than execve()
Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute permission and domainname to accept wildcards. But tomoyo_find_next_domain() was using pathname passed to execve() rather than pathname specified by the execute permission. As a result, processes were not able to transit to domains which contain wildcards in their domainnames. This patch passes pathname specified by the execute permission back to tomoyo_find_next_domain() so that processes can transit to domains which contain wildcards in their domainnames. Signed-off-by:Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by:
James Morris <jmorris@namei.org>
Showing
- security/tomoyo/common.h 9 additions, 5 deletionssecurity/tomoyo/common.h
- security/tomoyo/domain.c 14 additions, 1 deletionsecurity/tomoyo/domain.c
- security/tomoyo/file.c 17 additions, 9 deletionssecurity/tomoyo/file.c
- security/tomoyo/group.c 7 additions, 7 deletionssecurity/tomoyo/group.c
- security/tomoyo/mount.c 1 addition, 1 deletionsecurity/tomoyo/mount.c
Loading
Please register or sign in to comment