Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree

for July 17: early crash on x86-64) SELinux needs MAY_APPEND to be passed down to the security hook. Otherwise, we get permission denials when only append permission is granted by policy even if the opening process specified O_APPEND. Shows up as a regression in the ltp selinux testsuite, fixed by this patch. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Stephen Smalley <sds@tycho.nsa.gov> 2008-07-28 13:32:38 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-08-01 11:25:21 -0400
commit: f418b006079ce537daf9436215f1d2a47e451602 (patch)
tree: c61320192312898c0b0ac2a67398d5c81613f8cb /fs/namei.c
parent: 94ad374a0751f40d25e22e036c37f7263569d24c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namei.c b/fs/namei.c
index a7b0a0b80128..b91e9732b24a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
                return retval;
        return security_inode_permission(inode,
-                        mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
+                        mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
 }
 /**
author	Stephen Smalley <sds@tycho.nsa.gov>	2008-07-28 13:32:38 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-08-01 11:25:21 -0400
commit	f418b006079ce537daf9436215f1d2a47e451602 (patch)
tree	c61320192312898c0b0ac2a67398d5c81613f8cb /fs/namei.c
parent	94ad374a0751f40d25e22e036c37f7263569d24c (diff)

diff --git a/fs/namei.c b/fs/namei.c index a7b0a0b80128..b91e9732b24a 100644 --- a/fs/namei.c +++ b/fs/namei.c
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
274	return retval;	274	return retval;
275		275
276	return security_inode_permission(inode,	276	return security_inode_permission(inode,
277	mask & (MAY_READ\|MAY_WRITE\|MAY_EXEC));	277	mask & (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND));
278	}	278	}
279		279
280	/**	280	/**