diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-09-02 11:40:32 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-02 22:06:12 -0400 |
commit | 6c1488fd581a447ec87c4b59f0d33f95f0aa441b (patch) | |
tree | ae7229de1dc5582413e76f45ffdc04ae941e1daa | |
parent | ee18d64c1f632043a02e6f5ba5e045bb26a5465f (diff) |
IMA: open new file for read
When creating a new file, ima_path_check() assumed the new file
was being opened for write. Call ima_path_check() with the
appropriate acc_mode so that the read/write counters are
incremented correctly.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | fs/namei.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c index f3c5b278895a..ee01308a01d1 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag) | |||
1533 | if (error) | 1533 | if (error) |
1534 | return error; | 1534 | return error; |
1535 | 1535 | ||
1536 | error = ima_path_check(path, | 1536 | error = ima_path_check(path, acc_mode ? |
1537 | acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC), | 1537 | acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) : |
1538 | ACC_MODE(flag) & (MAY_READ | MAY_WRITE), | ||
1538 | IMA_COUNT_UPDATE); | 1539 | IMA_COUNT_UPDATE); |
1540 | |||
1539 | if (error) | 1541 | if (error) |
1540 | return error; | 1542 | return error; |
1541 | /* | 1543 | /* |