diff options
| author | Andreas Gruenbacher <agruenba@redhat.com> | 2016-11-10 16:18:28 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-11-14 15:39:48 -0500 |
| commit | db978da8fa1d0819b210c137d31a339149b88875 (patch) | |
| tree | 877976508c0ebadc5372fecdb82f0e91121c1c1a /fs/proc | |
| parent | 420591128cb206201dc444c2d42fb6f299b2ecd0 (diff) | |
proc: Pass file mode to proc_pid_make_inode
Pass the file mode of the proc inode to be created to
proc_pid_make_inode. In proc_pid_make_inode, initialize inode->i_mode
before calling security_task_to_inode. This allows selinux to set
isec->sclass right away without introducing "half-initialized" inode
security structs.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/proc')
| -rw-r--r-- | fs/proc/base.c | 23 | ||||
| -rw-r--r-- | fs/proc/fd.c | 6 | ||||
| -rw-r--r-- | fs/proc/internal.h | 2 | ||||
| -rw-r--r-- | fs/proc/namespaces.c | 3 |
4 files changed, 13 insertions, 21 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 8e654468ab67..9de05e5854ef 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -1663,7 +1663,8 @@ const struct inode_operations proc_pid_link_inode_operations = { | |||
| 1663 | 1663 | ||
| 1664 | /* building an inode */ | 1664 | /* building an inode */ |
| 1665 | 1665 | ||
| 1666 | struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task) | 1666 | struct inode *proc_pid_make_inode(struct super_block * sb, |
| 1667 | struct task_struct *task, umode_t mode) | ||
| 1667 | { | 1668 | { |
| 1668 | struct inode * inode; | 1669 | struct inode * inode; |
| 1669 | struct proc_inode *ei; | 1670 | struct proc_inode *ei; |
| @@ -1677,6 +1678,7 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t | |||
| 1677 | 1678 | ||
| 1678 | /* Common stuff */ | 1679 | /* Common stuff */ |
| 1679 | ei = PROC_I(inode); | 1680 | ei = PROC_I(inode); |
| 1681 | inode->i_mode = mode; | ||
| 1680 | inode->i_ino = get_next_ino(); | 1682 | inode->i_ino = get_next_ino(); |
| 1681 | inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); | 1683 | inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); |
| 1682 | inode->i_op = &proc_def_inode_operations; | 1684 | inode->i_op = &proc_def_inode_operations; |
| @@ -2003,7 +2005,9 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry, | |||
| 2003 | struct proc_inode *ei; | 2005 | struct proc_inode *ei; |
| 2004 | struct inode *inode; | 2006 | struct inode *inode; |
| 2005 | 2007 | ||
| 2006 | inode = proc_pid_make_inode(dir->i_sb, task); | 2008 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK | |
| 2009 | ((mode & FMODE_READ ) ? S_IRUSR : 0) | | ||
| 2010 | ((mode & FMODE_WRITE) ? S_IWUSR : 0)); | ||
| 2007 | if (!inode) | 2011 | if (!inode) |
| 2008 | return -ENOENT; | 2012 | return -ENOENT; |
| 2009 | 2013 | ||
| @@ -2012,12 +2016,6 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry, | |||
| 2012 | 2016 | ||
| 2013 | inode->i_op = &proc_map_files_link_inode_operations; | 2017 | inode->i_op = &proc_map_files_link_inode_operations; |
| 2014 | inode->i_size = 64; | 2018 | inode->i_size = 64; |
| 2015 | inode->i_mode = S_IFLNK; | ||
| 2016 | |||
| 2017 | if (mode & FMODE_READ) | ||
| 2018 | inode->i_mode |= S_IRUSR; | ||
| 2019 | if (mode & FMODE_WRITE) | ||
| 2020 | inode->i_mode |= S_IWUSR; | ||
| 2021 | 2019 | ||
| 2022 | d_set_d_op(dentry, &tid_map_files_dentry_operations); | 2020 | d_set_d_op(dentry, &tid_map_files_dentry_operations); |
| 2023 | d_add(dentry, inode); | 2021 | d_add(dentry, inode); |
| @@ -2371,12 +2369,11 @@ static int proc_pident_instantiate(struct inode *dir, | |||
| 2371 | struct inode *inode; | 2369 | struct inode *inode; |
| 2372 | struct proc_inode *ei; | 2370 | struct proc_inode *ei; |
| 2373 | 2371 | ||
| 2374 | inode = proc_pid_make_inode(dir->i_sb, task); | 2372 | inode = proc_pid_make_inode(dir->i_sb, task, p->mode); |
| 2375 | if (!inode) | 2373 | if (!inode) |
| 2376 | goto out; | 2374 | goto out; |
| 2377 | 2375 | ||
| 2378 | ei = PROC_I(inode); | 2376 | ei = PROC_I(inode); |
| 2379 | inode->i_mode = p->mode; | ||
| 2380 | if (S_ISDIR(inode->i_mode)) | 2377 | if (S_ISDIR(inode->i_mode)) |
| 2381 | set_nlink(inode, 2); /* Use getattr to fix if necessary */ | 2378 | set_nlink(inode, 2); /* Use getattr to fix if necessary */ |
| 2382 | if (p->iop) | 2379 | if (p->iop) |
| @@ -3058,11 +3055,10 @@ static int proc_pid_instantiate(struct inode *dir, | |||
| 3058 | { | 3055 | { |
| 3059 | struct inode *inode; | 3056 | struct inode *inode; |
| 3060 | 3057 | ||
| 3061 | inode = proc_pid_make_inode(dir->i_sb, task); | 3058 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO); |
| 3062 | if (!inode) | 3059 | if (!inode) |
| 3063 | goto out; | 3060 | goto out; |
| 3064 | 3061 | ||
| 3065 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | ||
| 3066 | inode->i_op = &proc_tgid_base_inode_operations; | 3062 | inode->i_op = &proc_tgid_base_inode_operations; |
| 3067 | inode->i_fop = &proc_tgid_base_operations; | 3063 | inode->i_fop = &proc_tgid_base_operations; |
| 3068 | inode->i_flags|=S_IMMUTABLE; | 3064 | inode->i_flags|=S_IMMUTABLE; |
| @@ -3351,11 +3347,10 @@ static int proc_task_instantiate(struct inode *dir, | |||
| 3351 | struct dentry *dentry, struct task_struct *task, const void *ptr) | 3347 | struct dentry *dentry, struct task_struct *task, const void *ptr) |
| 3352 | { | 3348 | { |
| 3353 | struct inode *inode; | 3349 | struct inode *inode; |
| 3354 | inode = proc_pid_make_inode(dir->i_sb, task); | 3350 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO); |
| 3355 | 3351 | ||
| 3356 | if (!inode) | 3352 | if (!inode) |
| 3357 | goto out; | 3353 | goto out; |
| 3358 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | ||
| 3359 | inode->i_op = &proc_tid_base_inode_operations; | 3354 | inode->i_op = &proc_tid_base_inode_operations; |
| 3360 | inode->i_fop = &proc_tid_base_operations; | 3355 | inode->i_fop = &proc_tid_base_operations; |
| 3361 | inode->i_flags|=S_IMMUTABLE; | 3356 | inode->i_flags|=S_IMMUTABLE; |
diff --git a/fs/proc/fd.c b/fs/proc/fd.c index d21dafef3102..4274f83bf100 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c | |||
| @@ -183,14 +183,13 @@ proc_fd_instantiate(struct inode *dir, struct dentry *dentry, | |||
| 183 | struct proc_inode *ei; | 183 | struct proc_inode *ei; |
| 184 | struct inode *inode; | 184 | struct inode *inode; |
| 185 | 185 | ||
| 186 | inode = proc_pid_make_inode(dir->i_sb, task); | 186 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK); |
| 187 | if (!inode) | 187 | if (!inode) |
| 188 | goto out; | 188 | goto out; |
| 189 | 189 | ||
| 190 | ei = PROC_I(inode); | 190 | ei = PROC_I(inode); |
| 191 | ei->fd = fd; | 191 | ei->fd = fd; |
| 192 | 192 | ||
| 193 | inode->i_mode = S_IFLNK; | ||
| 194 | inode->i_op = &proc_pid_link_inode_operations; | 193 | inode->i_op = &proc_pid_link_inode_operations; |
| 195 | inode->i_size = 64; | 194 | inode->i_size = 64; |
| 196 | 195 | ||
| @@ -322,14 +321,13 @@ proc_fdinfo_instantiate(struct inode *dir, struct dentry *dentry, | |||
| 322 | struct proc_inode *ei; | 321 | struct proc_inode *ei; |
| 323 | struct inode *inode; | 322 | struct inode *inode; |
| 324 | 323 | ||
| 325 | inode = proc_pid_make_inode(dir->i_sb, task); | 324 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFREG | S_IRUSR); |
| 326 | if (!inode) | 325 | if (!inode) |
| 327 | goto out; | 326 | goto out; |
| 328 | 327 | ||
| 329 | ei = PROC_I(inode); | 328 | ei = PROC_I(inode); |
| 330 | ei->fd = fd; | 329 | ei->fd = fd; |
| 331 | 330 | ||
| 332 | inode->i_mode = S_IFREG | S_IRUSR; | ||
| 333 | inode->i_fop = &proc_fdinfo_file_operations; | 331 | inode->i_fop = &proc_fdinfo_file_operations; |
| 334 | 332 | ||
| 335 | d_set_d_op(dentry, &tid_fd_dentry_operations); | 333 | d_set_d_op(dentry, &tid_fd_dentry_operations); |
diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 5378441ec1b7..f4494dcbdc8b 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h | |||
| @@ -162,7 +162,7 @@ extern int proc_pid_statm(struct seq_file *, struct pid_namespace *, | |||
| 162 | extern const struct dentry_operations pid_dentry_operations; | 162 | extern const struct dentry_operations pid_dentry_operations; |
| 163 | extern int pid_getattr(struct vfsmount *, struct dentry *, struct kstat *); | 163 | extern int pid_getattr(struct vfsmount *, struct dentry *, struct kstat *); |
| 164 | extern int proc_setattr(struct dentry *, struct iattr *); | 164 | extern int proc_setattr(struct dentry *, struct iattr *); |
| 165 | extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *); | 165 | extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *, umode_t); |
| 166 | extern int pid_revalidate(struct dentry *, unsigned int); | 166 | extern int pid_revalidate(struct dentry *, unsigned int); |
| 167 | extern int pid_delete_dentry(const struct dentry *); | 167 | extern int pid_delete_dentry(const struct dentry *); |
| 168 | extern int proc_pid_readdir(struct file *, struct dir_context *); | 168 | extern int proc_pid_readdir(struct file *, struct dir_context *); |
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c index 51b8b0a8ad91..766f0c637ad1 100644 --- a/fs/proc/namespaces.c +++ b/fs/proc/namespaces.c | |||
| @@ -92,12 +92,11 @@ static int proc_ns_instantiate(struct inode *dir, | |||
| 92 | struct inode *inode; | 92 | struct inode *inode; |
| 93 | struct proc_inode *ei; | 93 | struct proc_inode *ei; |
| 94 | 94 | ||
| 95 | inode = proc_pid_make_inode(dir->i_sb, task); | 95 | inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK | S_IRWXUGO); |
| 96 | if (!inode) | 96 | if (!inode) |
| 97 | goto out; | 97 | goto out; |
| 98 | 98 | ||
| 99 | ei = PROC_I(inode); | 99 | ei = PROC_I(inode); |
| 100 | inode->i_mode = S_IFLNK|S_IRWXUGO; | ||
| 101 | inode->i_op = &proc_ns_link_inode_operations; | 100 | inode->i_op = &proc_ns_link_inode_operations; |
| 102 | ei->ns_ops = ns_ops; | 101 | ei->ns_ops = ns_ops; |
| 103 | 102 | ||