author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-26 14:03:39 -0400 |
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-26 14:03:39 -0400 |
commit | 8d80ce80e1d58ba9cd3e3972b112cccd6b4008f4 (patch) | |
tree | 16d3cca8d260c731d02a4e5e1ea5b9817c9c3626 /fs/namei.c | |
parent | 1646df40bb111715a90ce0b86448dabbcc5b3f3d (diff) | |
parent | 703a3cd72817e99201cef84a8a7aecc60b2b3581 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (71 commits)
SELinux: inode_doinit_with_dentry drop no dentry printk
SELinux: new permission between tty audit and audit socket
SELinux: open perm for sock files
smack: fixes for unlabeled host support
keys: make procfiles per-user-namespace
keys: skip keys from another user namespace
keys: consider user namespace in key_permission
keys: distinguish per-uid keys in different namespaces
integrity: ima iint radix_tree_lookup locking fix
TOMOYO: Do not call tomoyo_realpath_init unless registered.
integrity: ima scatterlist bug fix
smack: fix lots of kernel-doc notation
TOMOYO: Don't create securityfs entries unless registered.
TOMOYO: Fix exception policy read failure.
SELinux: convert the avc cache hash list to an hlist
SELinux: code readability with avc_cache
SELinux: remove unused av.decided field
SELinux: more careful use of avd in avc_has_perm_noaudit
SELinux: remove the unused ae.used
SELinux: check seqno when updating an avc_node
...
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 8 |
1 files changed, 8 insertions, 0 deletions
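--- a/fs/namei.c
+++ b/fs/namei.c
@@ -24,6 +24,7 @@
 #include <linux/fsnotify.h>
 #include <linux/personality.h>
 #include <linux/security.h>
+#include <linux/ima.h>
 #include <linux/syscalls.h>
 #include <linux/mount.h>
 #include <linux/audit.h>
@@ -850,6 +851,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
 if (err == -EAGAIN)
 err = inode_permission(nd->path.dentry->d_inode,
 MAY_EXEC);
+if (!err)
+err = ima_path_check(&nd->path, MAY_EXEC);
 if (err)
 break;
 
@@ -1509,6 +1512,11 @@ int may_open(struct path *path, int acc_mode, int flag)
 error = inode_permission(inode, acc_mode);
 if (error)
 return error;
+
+error = ima_path_check(path,
+acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
+if (error)
+return error;
 /*
 * An append-only file must be opened in append mode for writing.
 */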
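Review bot: In the may_open hunk the new ima_path_check() call sits between inode_permission() and the append-only/immutable checks that begin immediately after it (the comment at new line 1520), so whatever ima_path_check() records for this open — a measurement or per-inode state — is recorded for opens that may_open can still reject a few lines later, and whether a matching release runs on that failure path cannot be seen from this hunk. A short comment would make the ordering deliberate, e.g. `/* IMA sees only opens that passed DAC/LSM; checks below may still reject the open */`. The mask `acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)` here differs from the bare MAY_EXEC passed in the __link_path_walk hunk, where the hook now runs once per directory component on every path walk; if directories are meant to be covered by policy that is fine, but the per-component cost on this hot path deserves a note. Both may_open and __link_path_walk continue outside their hunks.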