diff options
| author | WaLyong Cho <walyong.cho@samsung.com> | 2015-06-10 11:33:00 +0900 | 
|---|---|---|
| committer | WaLyong Cho <walyong.cho@samsung.com> | 2015-06-22 23:44:09 +0900 | 
| commit | 6656aefb42385b468dd96867118d049f945cbf81 (patch) | |
| tree | 11fce76b11e0a442aec122f9ed8454eff9dc81af /src/detect-virt/detect-virt.c | |
| parent | cc05b1bb371b90560a44e8e13a66ce5e727631f1 (diff) | |
smack: support smack access change-rule
Smack is also able to have modification rules of existing rules. In
this case, the rule has additional argument to modify previous
rule. /sys/fs/smackfs/load2 node can only take three arguments:
subject object access. So if modification rules are written to
/sys/fs/smackfs/load2, EINVAL error is happen. Those modification
rules have to be written to /sys/fs/smackfs/change-rule.
To distinguish access with operation of cipso2, split write_rules()
for each operation. And, in write access rules, parse the rule and if
the rule has four argument then write into
/sys/fs/smackfs/change-rule.
https://lwn.net/Articles/532340/
fwrite() or fputs() are fancy functions to write byte stream such like
regular file. But special files on linux such like proc, sysfs are not
stream of bytes. Those special files on linux have to be written with
specific size.
By this reason, in some of many case, fputs() was failed to write
buffer to smack load2 node.
The write operation for the smack nodes should be performed with
write().
Diffstat (limited to 'src/detect-virt/detect-virt.c')
0 files changed, 0 insertions, 0 deletions
