aboutsummaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-08-04 10:28:39 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2010-08-04 10:28:39 -0700
commit7e6880951da86928c7f6cecf26dcb8e8d9f826da (patch)
tree1ad8af6c52e06710f93847933c2720751100d668 /fs
parent3a09b1be53d23df780a0cd0e4087a05e2ca4a00c (diff)
parent77c80e6b2fd049848bfd1bdab67899ad3ac407a7 (diff)
downloadvexpress-lsk-7e6880951da86928c7f6cecf26dcb8e8d9f826da.tar.gz
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (90 commits) AppArmor: fix build warnings for non-const use of get_task_cred selinux: convert the policy type_attr_map to flex_array AppArmor: Enable configuring and building of the AppArmor security module TOMOYO: Use pathname specified by policy rather than execve() AppArmor: update path_truncate method to latest version AppArmor: core policy routines AppArmor: policy routines for loading and unpacking policy AppArmor: mediation of non file objects AppArmor: LSM interface, and security module initialization AppArmor: Enable configuring and building of the AppArmor security module AppArmor: update Maintainer and Documentation AppArmor: functions for domain transitions AppArmor: file enforcement routines AppArmor: userspace interfaces AppArmor: dfa match engine AppArmor: contexts used in attaching policy to system objects AppArmor: basic auditing infrastructure. AppArmor: misc. base functions and defines TOMOYO: Update version to 2.3.0 TOMOYO: Fix quota check. ...
Diffstat (limited to 'fs')
-rw-r--r--fs/fuse/dir.c2
-rw-r--r--fs/namei.c6
-rw-r--r--fs/nfs/dir.c2
-rw-r--r--fs/open.c11
4 files changed, 9 insertions, 12 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 3cdc5f78a40..431be0795b6 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask)
exist. So if permissions are revoked this won't be
noticed immediately, only after the attribute
timeout has expired */
- } else if (mask & MAY_ACCESS) {
+ } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
err = fuse_access(inode, mask);
} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
if (!(inode->i_mode & S_IXUGO)) {
diff --git a/fs/namei.c b/fs/namei.c
index 868d0cb9d47..42d2d28fb82 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -282,8 +282,7 @@ int inode_permission(struct inode *inode, int mask)
if (retval)
return retval;
- return security_inode_permission(inode,
- mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
+ return security_inode_permission(inode, mask);
}
/**
@@ -1484,8 +1483,7 @@ static int handle_truncate(struct path *path)
*/
error = locks_verify_locked(inode);
if (!error)
- error = security_path_truncate(path, 0,
- ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
+ error = security_path_truncate(path);
if (!error) {
error = do_truncate(path->dentry, 0,
ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index e60416d3f81..832e9e23932 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1953,7 +1953,7 @@ int nfs_permission(struct inode *inode, int mask)
if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
goto out;
/* Is this sys_access() ? */
- if (mask & MAY_ACCESS)
+ if (mask & (MAY_ACCESS | MAY_CHDIR))
goto force_lookup;
switch (inode->i_mode & S_IFMT) {
diff --git a/fs/open.c b/fs/open.c
index 5463266db9e..0d1fa3dc0ef 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -110,7 +110,7 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
error = locks_verify_truncate(inode, NULL, length);
if (!error)
- error = security_path_truncate(&path, length, 0);
+ error = security_path_truncate(&path);
if (!error)
error = do_truncate(path.dentry, length, 0, NULL);
@@ -165,8 +165,7 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
error = locks_verify_truncate(inode, file, length);
if (!error)
- error = security_path_truncate(&file->f_path, length,
- ATTR_MTIME|ATTR_CTIME);
+ error = security_path_truncate(&file->f_path);
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
out_putf:
@@ -367,7 +366,7 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename)
if (error)
goto out;
- error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+ error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
if (error)
goto dput_and_out;
@@ -396,7 +395,7 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
if (!S_ISDIR(inode->i_mode))
goto out_putf;
- error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
+ error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
if (!error)
set_fs_pwd(current->fs, &file->f_path);
out_putf:
@@ -414,7 +413,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename)
if (error)
goto out;
- error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+ error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
if (error)
goto dput_and_out;