diff options
author | James Morris <jmorris@namei.org> | 2009-02-05 19:01:45 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-05 19:01:45 -0500 |
commit | cb5629b10d64a8006622ce3a52bc887d91057d69 (patch) | |
tree | 7c06d8f30783115e3384721046258ce615b129c5 /security/Kconfig | |
parent | 8920d5ad6ba74ae8ab020e90cc4d976980e68701 (diff) | |
parent | f01d1d546abb2f4028b5299092f529eefb01253a (diff) |
Merge branch 'master' into next
Conflicts:
fs/namei.c
Manually merged per:
diff --cc fs/namei.c
index 734f2b5,bbc15c2..0000000
--- a/fs/namei.c
+++ b/fs/namei.c
@@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char
nd->flags |= LOOKUP_CONTINUE;
err = exec_permission_lite(inode);
if (err == -EAGAIN)
- err = vfs_permission(nd, MAY_EXEC);
+ err = inode_permission(nd->path.dentry->d_inode,
+ MAY_EXEC);
+ if (!err)
+ err = ima_path_check(&nd->path, MAY_EXEC);
if (err)
break;
@@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
flag &= ~O_TRUNC;
}
- error = vfs_permission(nd, acc_mode);
+ error = inode_permission(inode, acc_mode);
if (error)
return error;
+
- error = ima_path_check(&nd->path,
++ error = ima_path_check(path,
+ acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
+ if (error)
+ return error;
/*
* An append-only file must be opened in append mode for writing.
*/
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index a79b23f73d0..bf129f87de7 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -82,6 +82,15 @@ config SECURITY_NETWORK_XFRM | |||
82 | IPSec. | 82 | IPSec. |
83 | If you are unsure how to answer this question, answer N. | 83 | If you are unsure how to answer this question, answer N. |
84 | 84 | ||
85 | config SECURITY_PATH | ||
86 | bool "Security hooks for pathname based access control" | ||
87 | depends on SECURITY | ||
88 | help | ||
89 | This enables the security hooks for pathname based access control. | ||
90 | If enabled, a security module can use these hooks to | ||
91 | implement pathname based access controls. | ||
92 | If you are unsure how to answer this question, answer N. | ||
93 | |||
85 | config SECURITY_FILE_CAPABILITIES | 94 | config SECURITY_FILE_CAPABILITIES |
86 | bool "File POSIX Capabilities" | 95 | bool "File POSIX Capabilities" |
87 | default n | 96 | default n |