@@ -549,8 +549,12 @@ struct smack_known *smk_import_entry(const char *string, int len)
skp->smk_known = smack;
skp->smk_secid = smack_next_secid++;
skp->smk_netlabel.domain = skp->smk_known;
- skp->smk_netlabel.flags =
- NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
+ lsm_export_init(&skp->smk_netlabel.attr.le);
+ skp->smk_netlabel.attr.le.flags = LSM_EXPORT_SMACK;
+ skp->smk_netlabel.attr.le.smack = skp->smk_secid;
+ skp->smk_netlabel.flags = NETLBL_SECATTR_DOMAIN |
+ NETLBL_SECATTR_MLS_LVL |
+ NETLBL_SECATTR_SECID;
/*
* If direct labeling works use it.
* Otherwise use mapped labeling.
@@ -2953,8 +2953,12 @@ static struct vfsmount *smackfs_mount;
static int __init smk_preset_netlabel(struct smack_known *skp)
{
skp->smk_netlabel.domain = skp->smk_known;
- skp->smk_netlabel.flags =
- NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
+ lsm_export_init(&skp->smk_netlabel.attr.le);
+ skp->smk_netlabel.attr.le.flags = LSM_EXPORT_SMACK;
+ skp->smk_netlabel.attr.le.smack = skp->smk_secid;
+ skp->smk_netlabel.flags = NETLBL_SECATTR_DOMAIN |
+ NETLBL_SECATTR_MLS_LVL |
+ NETLBL_SECATTR_SECID;
return smk_netlbl_mls(smack_cipso_direct, skp->smk_known,
&skp->smk_netlabel, strlen(skp->smk_known));
}
Add the secid to the attributes shared with netlabel. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- security/smack/smack_access.c | 8 ++++++-- security/smack/smackfs.c | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-)