summaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2013-10-11 18:06:39 -0700
committerCasey Schaufler <casey@schaufler-ca.com>2013-10-18 09:39:33 -0700
commitc0ab6e56dcb7ca9903d460247cb464e769ae6e77 (patch)
tree52da39cb2798c0a4276d0d23fa3b4f1dbcd732f2 /ipc
parent5a5f2acfd04269e2e0958067216b68ff461c285c (diff)
Smack: Implement lock security mode
Linux file locking does not follow the same rules as other mechanisms. Even though it is a write operation a process can set a read lock on files which it has open only for read access. Two programs with read access to a file can use read locks to communicate. This is not acceptable in a Mandatory Access Control environment. Smack treats setting a read lock as the write operation that it is. Unfortunately, many programs assume that setting a read lock is a read operation. These programs are unhappy in the Smack environment. This patch introduces a new access mode (lock) to address this problem. A process with lock access to a file can set a read lock. A process with write access to a file can set a read lock or a write lock. This prevents a situation where processes are granted write access just so they can set read locks. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions