• Tetsuo Handa's avatar
    TOMOYO: Use pathname specified by policy rather than execve() · 484ca79c
    Tetsuo Handa authored
    Commit c9e69318 "TOMOYO: Allow wildcard for execute permission." changed execute
    permission and domainname to accept wildcards. But tomoyo_find_next_domain()
    was using pathname passed to execve() rather than pathname specified by the
    execute permission. As a result, processes were not able to transit to domains
    which contain wildcards in their domainnames.
    
    This patch passes pathname specified by the execute permission back to
    tomoyo_find_next_domain() so that processes can transit to domains which
    contain wildcards in their domainnames.
    Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    484ca79c
group.c 3.6 KB