smack capable(CAP_MAC_OVERRIDE)

https://blog.csdn.net/ning_wei/article/details/9670947

LINUX中的capable

 

int smk_curacc(char *obj_label, u32 mode)
{
    int rc;

    rc = smk_access(current_security(), obj_label, mode);
    if (rc == 0)
        return 0;

    /*
     * Return if a specific label has been designated as the
     * only one that gets privilege and current does not
     * have that label.
     */
    if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
        return rc;

    if (capable(CAP_MAC_OVERRIDE))
        return 0;

    return rc;
}

 

posted @ 2019-03-21 01:22  zxyblog  阅读(321)  评论(2编辑  收藏  举报