-rw-r--r-- | fs/ntfs/sysctl.c | 8 | ||||
-rw-r--r-- | include/linux/sysctl.h | 1 | ||||
-rw-r--r-- | net/decnet/dn_dev.c | 5 | ||||
-rw-r--r-- | net/ipv4/devinet.c | 5 | ||||
-rw-r--r-- | net/ipv6/addrconf.c | 5 | ||||
-rw-r--r-- | security/selinux/hooks.c | 39 |
6 files changed, 37 insertions, 26 deletions
diff --git a/fs/ntfs/sysctl.c b/fs/ntfs/sysctl.c
index 1f1ee4c9..4847fbf 100644
--- a/fs/ntfs/sysctl.c
+++ b/fs/ntfs/sysctl.c
@@ -73,14 +73,6 @@ int ntfs_sysctl(int add)
 sysctls_root_table = register_sysctl_table(sysctls_root);
 if (!sysctls_root_table)
 return -ENOMEM;
-#ifdef CONFIG_PROC_FS
- /*
- * If the proc filesystem is in use and we are a module, need
- * to set the owner of our proc entry to our module. In the
- * non-modular case, THIS_MODULE is NULL, so this is ok.
- */
- ntfs_sysctls[0].de->owner = THIS_MODULE;
-#endif
 } else {
 BUG_ON(!sysctls_root_table);
 unregister_sysctl_table(sysctls_root_table);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 1371d7b..2c5fb38 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -1025,7 +1025,6 @@ struct ctl_table
 ctl_table *parent; /* Automatically set */
 proc_handler *proc_handler; /* Callback for text formatting */
 ctl_handler *strategy; /* Callback function for all r/w */
- struct proc_dir_entry *de; /* /proc control block */
 void *extra1;
 void *extra2;
 };
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index 0977df4..060d725 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -261,7 +261,6 @@ static void dn_dev_sysctl_register(struct net_device *dev, struct dn_dev_parms *
 for(i = 0; i < ARRAY_SIZE(t->dn_dev_vars) - 1; i++) {
 long offset = (long)t->dn_dev_vars[i].data;
 t->dn_dev_vars[i].data = ((char *)parms) + offset;
- t->dn_dev_vars[i].de = NULL;
 }
 if (dev) {
@@ -273,13 +272,9 @@ static void dn_dev_sysctl_register(struct net_device *dev, struct dn_dev_parms *
 }
 t->dn_dev_dev[0].child = t->dn_dev_vars;
- t->dn_dev_dev[0].de = NULL;
 t->dn_dev_conf_dir[0].child = t->dn_dev_dev;
- t->dn_dev_conf_dir[0].de = NULL;
 t->dn_dev_proto_dir[0].child = t->dn_dev_conf_dir;
- t->dn_dev_proto_dir[0].de = NULL;
 t->dn_dev_root_dir[0].child = t->dn_dev_proto_dir;
- t->dn_dev_root_dir[0].de = NULL;
 t->dn_dev_vars[0].extra1 = (void *)dev;
 t->sysctl_header = register_sysctl_table(t->dn_dev_root_dir);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index bf3eb2d..8a0ec10 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1576,7 +1576,6 @@ static void devinet_sysctl_register(struct in_device *in_dev,
 return;
 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
- t->devinet_vars[i].de = NULL;
 }
 if (dev) {
@@ -1598,13 +1597,9 @@ static void devinet_sysctl_register(struct in_device *in_dev,
 t->devinet_dev[0].procname = dev_name;
 t->devinet_dev[0].child = t->devinet_vars;
- t->devinet_dev[0].de = NULL;
 t->devinet_conf_dir[0].child = t->devinet_dev;
- t->devinet_conf_dir[0].de = NULL;
 t->devinet_proto_dir[0].child = t->devinet_conf_dir;
- t->devinet_proto_dir[0].de = NULL;
 t->devinet_root_dir[0].child = t->devinet_proto_dir;
- t->devinet_root_dir[0].de = NULL;
 t->sysctl_header = register_sysctl_table(t->devinet_root_dir);
 if (!t->sysctl_header)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 34d80b4..569a37d 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3998,7 +3998,6 @@ static void addrconf_sysctl_register(struct inet6_dev *idev, struct ipv6_devconf
 return;
 for (i=0; t->addrconf_vars[i].data; i++) {
 t->addrconf_vars[i].data += (char*)p - (char*)&ipv6_devconf;
- t->addrconf_vars[i].de = NULL;
 t->addrconf_vars[i].extra1 = idev; /* embedded; no ref */
 }
 if (dev) {
@@ -4021,13 +4020,9 @@ static void addrconf_sysctl_register(struct inet6_dev *idev, struct ipv6_devconf
 t->addrconf_dev[0].procname = dev_name;
 t->addrconf_dev[0].child = t->addrconf_vars;
- t->addrconf_dev[0].de = NULL;
 t->addrconf_conf_dir[0].child = t->addrconf_dev;
- t->addrconf_conf_dir[0].de = NULL;
 t->addrconf_proto_dir[0].child = t->addrconf_conf_dir;
- t->addrconf_proto_dir[0].de = NULL;
 t->addrconf_root_dir[0].child = t->addrconf_proto_dir;
- t->addrconf_root_dir[0].de = NULL;
 t->sysctl_header = register_sysctl_table(t->addrconf_root_dir);
 if (t->sysctl_header == NULL)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 35eb8de..118ddfb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1423,6 +1423,41 @@ static int selinux_capable(struct task_struct *tsk, int cap)
 return task_has_capability(tsk,cap);
 }
+static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
+{
+ int buflen, rc;
+ char *buffer, *path, *end;
+
+ rc = -ENOMEM;
+ buffer = (char*)__get_free_page(GFP_KERNEL);
+ if (!buffer)
+ goto out;
+
+ buflen = PAGE_SIZE;
+ end = buffer+buflen;
+ *--end = '\0';
+ buflen--;
+ path = end-1;
+ *path = '/';
+ while (table) {
+ const char *name = table->procname;
+ size_t namelen = strlen(name);
+ buflen -= namelen + 1;
+ if (buflen < 0)
+ goto out_free;
+ end -= namelen;
+ memcpy(end, name, namelen);
+ *--end = '/';
+ path = end;
+ table = table->parent;
+ }
+ rc = security_genfs_sid("proc", path, tclass, sid);
+out_free:
+ free_page((unsigned long)buffer);
+out:
+ return rc;
+}
+
 static int selinux_sysctl(ctl_table *table, int op)
 {
 int error = 0;
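Review bot: The path handed to `security_genfs_sid("proc", path, tclass, sid)` in the new `selinux_sysctl_get_sid` is built only from the `procname` chain of the ctl_table, so it begins at the sysctl root (for example `/net/ipv4/...`), whereas the call it replaces resolved a proc_dir_entry. If the policy's genfs entries for `proc` are written relative to the proc mount, where the sysctl tree presumably sits under `sys`, no entry will match and every sysctl gets checked against the fallback SID instead of its specific label. This should be confirmed against a loaded policy; if it holds, the `/sys` prefix has to be prepended after the loop, under the same `buflen` check the loop uses. Separately, `strlen(name)` assumes every table in the parent chain has a non-NULL `procname`, which the hunk does not show, so a guard or a comment stating that invariant would help.

```c
	/* … unchanged: walk table->parent, prepending "/<procname>" … */
	/* Anchor the path at the sysctl directory of the proc mount. */
	buflen -= 4;
	if (buflen < 0)
		goto out_free;
	end -= 4;
	memcpy(end, "/sys", 4);
	path = end;
	rc = security_genfs_sid("proc", path, tclass, sid);
```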
@@ -1437,8 +1472,8 @@ static int selinux_sysctl(ctl_table *table, int op)
 tsec = current->security;
- rc = selinux_proc_get_sid(table->de, (op == 001) ?
- SECCLASS_DIR : SECCLASS_FILE, &tsid);
+ rc = selinux_sysctl_get_sid(table, (op == 0001) ?
+ SECCLASS_DIR : SECCLASS_FILE, &tsid);
 if (rc) {
 /* Default to the well-defined sysctl SID. */
 tsid = SECINITSID_SYSCTL; |
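Review bot: Every non-zero return from `selinux_sysctl_get_sid` takes the `SECINITSID_SYSCTL` fallback in the context lines below the changed call, and the new helper returns `-ENOMEM` both when the page allocation fails and when the path does not fit in the page. The label used for the permission check can therefore depend on memory pressure rather than on policy; whether the generic sysctl SID is more or less permissive than the specific label depends on the loaded policy. Consider failing the operation in that case, e.g. `if (rc == -ENOMEM) return rc;` ahead of the fallback, and keeping the default only for a genuine lookup miss. The body of `selinux_sysctl` continues outside the hunk, so the later use of `tsid` is not visible here.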