2.6.24-stable review patch. If anyone has any objections, please let us know. ------------------ From: Stephen Smalley patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline. The proc net rewrite had a side effect on selinux, leading it to mislabel the /proc/net inodes, thereby leading to incorrect denials. Fix security_genfs_sid to ignore extra leading / characters in the path supplied by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...". Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman --- security/selinux/ss/services.c | 3 +++ 1 file changed, 3 insertions(+) --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstyp struct ocontext *c; int rc = 0, cmp = 0; + while (path[0] == '/' && path[1] == '/') + path++; + POLICY_RDLOCK; for (genfs = policydb.genfs; genfs; genfs = genfs->next) { -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/