authorLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 14:43:54 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 14:43:54 -0500
commitbb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
treec7867af2bb4ff0feae889183efcd4d79b0f9a325 /fs/nfsd/vfs.c
parente14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parentcbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits) SELinux: don't check permissions for kernel mounts security: pass mount flags to security_sb_kern_mount() SELinux: correctly detect proc filesystems of the form "proc/foo" Audit: Log TIOCSTI user namespaces: document CFS behavior user namespaces: require cap_set{ug}id for CLONE_NEWUSER user namespaces: let user_ns be cloned with fairsched CRED: fix sparse warnings User namespaces: use the current_user_ns() macro User namespaces: set of cleanups (v2) nfsctl: add headers for credentials coda: fix creds reference capabilities: define get_vfs_caps_from_disk when file caps are not enabled CRED: Allow kernel services to override LSM settings for task actions CRED: Add a kernel_service object class to SELinux CRED: Differentiate objective and effective subjective credentials on a task CRED: Documentation CRED: Use creds in file structs CRED: Prettify commoncap.c CRED: Make execve() take advantage of copy-on-write credentials ...
Diffstat (limited to 'fs/nfsd/vfs.c')
-rw-r--r--fs/nfsd/vfs.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 4433c8f00163..d1c5f787b365 100644
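--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -671,6 +671,7 @@ __be32
 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
  int access, struct file **filp)
 {
+ const struct cred *cred = current_cred();
  struct dentry *dentry;
  struct inode *inode;
  int flags = O_RDONLY|O_LARGEFILE;
@@ -725,7 +726,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
  DQUOT_INIT(inode);
  }
  *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt),
- flags);
+ flags, cred);
  if (IS_ERR(*filp))
  host_err = PTR_ERR(*filp);
 out_nfserr:
@@ -1169,7 +1170,7 @@ nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp,
  * send along the gid on create when it tries to implement
  * setgid directories via NFS:
  */
- if (current->fsuid != 0)
+ if (current_fsuid() != 0)
  iap->ia_valid &= ~(ATTR_UID|ATTR_GID);
  if (iap->ia_valid)
  return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0);
@@ -2001,7 +2002,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
  IS_APPEND(inode)? " append" : "",
  __mnt_is_readonly(exp->ex_path.mnt)? " ro" : "");
  dprintk(" owner %d/%d user %d/%d\n",
- inode->i_uid, inode->i_gid, current->fsuid, current->fsgid);
+ inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid());
 #endif
 
  /* Normally we reject any write/sattr etc access on a read-only file
@@ -2044,7 +2045,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
  * with NFSv3.
  */
  if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
- inode->i_uid == current->fsuid)
+ inode->i_uid == current_fsuid())
  return 0;
 
  /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */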
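Review bot: In nfsd_open, `cred` is read with `current_cred()` at the declaration (new line 674) but not used until the `dentry_open()` call (new line 728), and `current_cred()` takes no reference on the credentials it returns. The code between the two hunks is not shown; if anything there switches the thread's credentials to the client's identity (the file-handle verification step is the likely place, to be confirmed), the saved pointer would name the pre-switch credentials, or freed memory, when the file is opened. Reading the credentials at the point of use avoids this: drop the local and pass `flags, current_cred());` to dentry_open(), or pin them with `get_current_cred()` and release with `put_cred()` after the open. nfsd_open's body extends beyond both hunks, so the intervening calls should be checked before relying on the early read.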