[PATCH] SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0

[PATCH] SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0

[David Howells]

Make selinux_kernel_create_files_as() return an error when it gets one, rather
than unconditionally returning 0.

Without this, cachefiles doesn't return an error if the SELinux policy doesn't
let it create files with the label of the directory at the base of the cache.

Signed-off-by: David Howells <dhowells@redhat.com>
---

 security/selinux/hooks.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9a2ee84..99a7707 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3334,7 +3334,7 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
 
 	if (ret == 0)
 		tsec->create_sid = isec->sid;
-	return 0;
+	return ret;
 }
 
 static int selinux_kernel_module_request(char *kmod_name)

Re: [PATCH] SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0

[James Morris]

On Fri, 26 Feb 2010, David Howells wrote:

> Make selinux_kernel_create_files_as() return an error when it gets one, rather
> than unconditionally returning 0.
> 
> Without this, cachefiles doesn't return an error if the SELinux policy doesn't
> let it create files with the label of the directory at the base of the cache.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>


Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

-- 
James Morris
<jmorris@namei.org>