[PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess

* MAY_CHDIR is redundant - it's an equivalent of MAY_ACCESS * MAY_ACCESS on fuse should affect only the last step of pathname resolution * fchdir() and chroot() should pass MAY_ACCESS, for the same reason why chdir() needs that. * now that we pass MAY_ACCESS explicitly in all cases, LOOKUP_ACCESS can be removed; it has no business being in nameidata. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2008-07-17 09:19:08 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-07-26 20:53:21 -0400
commit: a110343f0d6d41f68b7cf8c00b57a3172c67f816 (patch)
tree: 04f57e3454e796765a7395d2ece4739cf536ae9f /fs
parent: 7f2da1e7d0330395e5e9e350b879b98a1ea495df (diff)
3 files changed, 6 insertions, 8 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 48a7934cb95..fd03330cade 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -962,7 +962,7 @@ static int fuse_permission(struct inode *inode, int mask)
                   exist.  So if permissions are revoked this won't be
                   noticed immediately, only after the attribute
                   timeout has expired */
-        } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
+        } else if (mask & MAY_ACCESS) {
                err = fuse_access(inode, mask);
        } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
                if (!(inode->i_mode & S_IXUGO)) {
diff --git a/fs/namei.c b/fs/namei.c
index 095818089ac..33dcaf025c4 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -265,8 +265,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
        if (inode->i_op && inode->i_op->permission) {
                int extra = 0;
                if (nd) {
-                        if (nd->flags & LOOKUP_ACCESS)
-                                extra |= MAY_ACCESS;
                        if (nd->flags & LOOKUP_OPEN)
                                extra |= MAY_OPEN;
                }
diff --git a/fs/open.c b/fs/open.c
index d3a2a00f52d..3317e1909b2 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -457,11 +457,11 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
                        old_cap = cap_set_effective(current->cap_permitted);
        }
-        res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
+        res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW, &nd);
        if (res)
                goto out;
-        res = vfs_permission(&nd, mode);
+        res = vfs_permission(&nd, mode | MAY_ACCESS);
        /* SuS v2 requires we report a read only fs too */
        if(res || !(mode & S_IWOTH) ||
           special_file(nd.path.dentry->d_inode->i_mode))
@@ -505,7 +505,7 @@ asmlinkage long sys_chdir(const char __user * filename)
        if (error)
                goto out;
-        error = vfs_permission(&nd, MAY_EXEC | MAY_CHDIR);
+        error = vfs_permission(&nd, MAY_EXEC | MAY_ACCESS);
        if (error)
                goto dput_and_out;
@@ -534,7 +534,7 @@ asmlinkage long sys_fchdir(unsigned int fd)
        if (!S_ISDIR(inode->i_mode))
                goto out_putf;
-        error = file_permission(file, MAY_EXEC);
+        error = file_permission(file, MAY_EXEC | MAY_ACCESS);
        if (!error)
                set_fs_pwd(current->fs, &file->f_path);
 out_putf:
@@ -552,7 +552,7 @@ asmlinkage long sys_chroot(const char __user * filename)
        if (error)
                goto out;
-        error = vfs_permission(&nd, MAY_EXEC);
+        error = vfs_permission(&nd, MAY_EXEC | MAY_ACCESS);
        if (error)
                goto dput_and_out;
author	Al Viro <viro@zeniv.linux.org.uk>	2008-07-17 09:19:08 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-07-26 20:53:21 -0400
commit	a110343f0d6d41f68b7cf8c00b57a3172c67f816 (patch)
tree	04f57e3454e796765a7395d2ece4739cf536ae9f /fs
parent	7f2da1e7d0330395e5e9e350b879b98a1ea495df (diff)