author | Miklos Szeredi <miklos@szeredi.hu> | 2008-07-02 15:12:01 -0400 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2008-07-03 05:22:01 -0400 |
commit | f58ba889106af60f52af792efbe1973e458a2138 (patch) | |
tree | f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs/gfs2/inode.c | |
parent | f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff) |
[GFS2] don't call permission()
GFS2 calls permission() to verify permissions after locks on the files
have been taken.
For this it's sufficient to call gfs2_permission() instead. This
results in the following changes:
- IS_RDONLY() check is not performed
- IS_IMMUTABLE() check is not performed
- devcgroup_inode_permission() is not called
- security_inode_permission() is not called
IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations. do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.
An IS_IMMUTABLE() check has been added to gfs2_permission().
Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2/inode.c')
-rw-r--r-- | fs/gfs2/inode.c | 6 |
1 files changed, 3 insertions, 3 deletions
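--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -504,7 +504,7 @@ struct inode *gfs2_lookupi(struct inode *dir, const struct qstr *name,
 }
 
 if (!is_root) {
-error = permission(dir, MAY_EXEC, NULL);
+error = gfs2_permission(dir, MAY_EXEC);
 if (error)
 goto out;
 }
@@ -667,7 +667,7 @@ static int create_ok(struct gfs2_inode *dip, const struct qstr *name,
 {
 int error;
 
-error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
 if (error)
 return error;
 
@@ -1134,7 +1134,7 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,
 if (IS_APPEND(&dip->i_inode))
 return -EPERM;
 
-error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
 if (error)
 return error;
 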
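Review bot: The calls at new lines 507, 670 and 1137 no longer reach security_inode_permission() or devcgroup_inode_permission() and now rely on gfs2_permission() for the immutable check, yet none of the three sites carries a comment saying this is deliberate. A short comment above each call would stop a later reader from assuming the LSM hook still runs here, for example `/* Recheck under glock: gfs2_permission() only; LSM and devcgroup hooks are not repeated here. */`. The IS_IMMUTABLE() handling lives in gfs2_permission(), which is outside this file section, so it should be confirmed that it covers the MAY_WRITE cases in create_ok() and gfs2_unlink_ok(). It is also worth checking that every caller of gfs2_lookupi() with is_root unset arrives through a VFS path that has already run the security hooks; that cannot be judged from these hunks, whose enclosing functions start and end outside the shown lines.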