Smack: limited capability for changing process label

[cascardo/linux.git] / security / smack / smack.h

diff --git a/security/smack/smack.h b/security/smack/smack.h
index fff0c61..6c91156 100644 (file)
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -115,6 +115,7 @@ struct task_smack {
        struct smack_known      *smk_forked;    /* label when forked */
        struct list_head        smk_rules;      /* per task access rules */
        struct mutex            smk_rules_lock; /* lock for the rules */
+       struct list_head        smk_relabel;    /* transit allowed labels */
 };
 
 #define        SMK_INODE_INSTANT       0x01    /* inode is instantiated */
@@ -169,7 +170,7 @@ struct smk_port_label {
 };
 #endif /* SMACK_IPV6_PORT_LABELING */
 
-struct smack_onlycap {
+struct smack_known_list_elem {
        struct list_head        list;
        struct smack_known      *smk_label;
 };
@@ -301,6 +302,7 @@ struct smack_known *smk_import_entry(const char *, int);
 void smk_insert_entry(struct smack_known *skp);
 struct smack_known *smk_find_entry(const char *);
 int smack_privileged(int cap);
+void smk_destroy_label_list(struct list_head *list);
 
 /*
  * Shared data.