diff options
author | Eric Paris <eparis@redhat.com> | 2010-07-23 11:43:51 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:35:06 -0400 |
commit | 9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b (patch) | |
tree | 86fae80c744e46b15b8eb9aa23fead7e63a64159 /fs/fuse/dir.c | |
parent | 692a8a231b212dfc68f612956d63f34abf098e0f (diff) |
vfs: re-introduce MAY_CHDIR
Currently MAY_ACCESS means that filesystems must check the permissions
right then and not rely on cached results or the results of future
operations on the object. This can be because of a call to sys_access() or
because of a call to chdir() which needs to check search without relying on
any future operations inside that dir. I plan to use MAY_ACCESS for other
purposes in the security system, so I split the MAY_ACCESS and the
MAY_CHDIR cases.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/fuse/dir.c')
-rw-r--r-- | fs/fuse/dir.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 3cdc5f78a406..431be0795b6b 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c | |||
@@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask) | |||
1016 | exist. So if permissions are revoked this won't be | 1016 | exist. So if permissions are revoked this won't be |
1017 | noticed immediately, only after the attribute | 1017 | noticed immediately, only after the attribute |
1018 | timeout has expired */ | 1018 | timeout has expired */ |
1019 | } else if (mask & MAY_ACCESS) { | 1019 | } else if (mask & (MAY_ACCESS | MAY_CHDIR)) { |
1020 | err = fuse_access(inode, mask); | 1020 | err = fuse_access(inode, mask); |
1021 | } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { | 1021 | } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { |
1022 | if (!(inode->i_mode & S_IXUGO)) { | 1022 | if (!(inode->i_mode & S_IXUGO)) { |