TOMOYO: Fix domain transition failure warning.
Tetsuo Handa [Tue, 27 Sep 2011 02:48:53 +0000 (11:48 +0900)]
Commit bd03a3e4 "TOMOYO: Add policy namespace support." introduced policy
namespace. But as of /sbin/modprobe is executed from initramfs/initrd, profiles
for target domain's namespace is not defined because /sbin/tomoyo-init is not
yet called.

Reported-by: Jamie Nguyen <jamie@tomoyolinux.co.uk>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/domain.c

index da16dfe..9027ac1 100644 (file)
@@ -515,7 +515,8 @@ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
                         * that domain. Do not perform domain transition if
                         * profile for that domain is not yet created.
                         */
-                       if (!entry->ns->profile_ptr[entry->profile])
+                       if (tomoyo_policy_loaded &&
+                           !entry->ns->profile_ptr[entry->profile])
                                return NULL;
                }
                return entry;