summaryrefslogtreecommitdiff
path: root/security/tomoyo/mount.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-03 20:38:44 +0900
committerJames Morris <jmorris@namei.org>2010-08-02 15:33:43 +1000
commit57c2590fb7fd38bd52708ff2716a577d0c2b3c5a (patch)
tree19db2e176e1e49d85482995249ba18aebbb8f7eb /security/tomoyo/mount.c
parent1084307ca097745ed6e40a192329b133a49271ac (diff)
TOMOYO: Update profile structure.
This patch allows users to change access control mode for per-operation basis. This feature comes from non LSM version of TOMOYO which is designed for permitting users to use SELinux and TOMOYO at the same time. SELinux does not care filename in a directory whereas TOMOYO does. Change of filename can change how the file is used. For example, renaming index.txt to .htaccess will change how the file is used. Thus, letting SELinux to enforce read()/write()/mmap() etc. restriction and letting TOMOYO to enforce rename() restriction is an example usage of this feature. What is unfortunate for me is that currently LSM does not allow users to use SELinux and LSM version of TOMOYO at the same time... Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
-rw-r--r--security/tomoyo/mount.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 7c1c7fdd3681..77ee8bf41948 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -248,7 +248,8 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
int error;
int idx;
- if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED)
+ if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
+ == TOMOYO_CONFIG_DISABLED)
return 0;
if (!type)
type = "<NULL>";