Skip to content

Commit

Permalink
TOMOYO: Don't create securityfs entries unless registered.
Browse files Browse the repository at this point in the history 
TOMOYO should not create /sys/kernel/security/tomoyo/ interface unless
TOMOYO is registered.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
  • Loading branch information
Tetsuo Handa authored and James Morris committed Feb 15, 2009
1 parent 33043cb commit e5a3b95
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions security/tomoyo/common.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2177,6 +2177,10 @@ static int __init tomoyo_initerface_init(void)
{
struct dentry *tomoyo_dir;

/* Don't create securityfs entries unless registered. */
if (current_cred()->security != &tomoyo_kernel_domain)
return 0;

tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
TOMOYO_DOMAINPOLICY);
Expand Down

0 comments on commit e5a3b95

Please sign in to comment.