[PATCH] selinux: MLS compatibility
This patch enables files created on a MLS-enabled SELinux system to be accessible on a non-MLS SELinux system, by skipping the MLS component of the security context in the non-MLS case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
d34d7ae266
commit
e517a0cd85
@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
|
||||
struct cat_datum *catdatum, *rngdatum;
|
||||
int l, rc = -EINVAL;
|
||||
|
||||
if (!selinux_mls_enabled)
|
||||
if (!selinux_mls_enabled) {
|
||||
if (def_sid != SECSID_NULL && oldc)
|
||||
*scontext += strlen(*scontext);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* No MLS component to the security context, try and map to
|
||||
|
Loading…
Reference in New Issue
Block a user