@@ -494,8 +494,8 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
int cat;
int rc;
int byte;
+ bool has = false;
- sap->flags |= NETLBL_SECATTR_MLS_CAT;
sap->attr.mls.lvl = level;
sap->attr.mls.cat = NULL;
@@ -503,6 +503,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
for (m = 0x80; m != 0; m >>= 1, cat++) {
if ((m & *cp) == 0)
continue;
+ has = true;
rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
cat, GFP_KERNEL);
if (rc < 0) {
@@ -511,6 +512,9 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
}
}
+ if (has)
+ sap->flags |= NETLBL_SECATTR_MLS_CAT;
+
return 0;
}
Don't tell CIPSO that a netlabel created by Smack has categories set whenit doesn't. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- security/smack/smack_access.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)