author | Jeff Mahoney <jeffm@suse.com> | 2008-05-02 15:03:58 -0400 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2008-09-25 11:04:02 -0400 |
commit | 12fa8ec64f445aa932ba154053fe95432f30f2c6 (patch) | |
tree | bcc8b5799bfb81da13bc6ce7a65b281e7374dd5e /fs | |
parent | bb8885cc0aa6b1606143d92c70762b16026016a5 (diff) |
Btrfs: Add workaround for AppArmor changing remove_suid()
In openSUSE 10.3, AppArmor modifies remove_suid to take a struct path
rather than just a dentry. This patch tests that the kernel is openSUSE
10.3 or newer and adjusts the call accordingly.
Debian/Ubuntu with AppArmor applied will also need a similar patch.
Maintainers of btrfs under those distributions should build on this
patch or, alternatively, alter their package descriptions to add
-DREMOVE_SUID_PATH to the compiler command line.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
- --- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ b/compat.h 2008-02-06 16:46:13.000000000 -0500
@@ -0,0 +1,15 @@
+#ifndef _COMPAT_H_
+#define _COMPAT_H_
+
+
+/*
+ * Even if AppArmor isn't enabled, it still has different prototypes.
+ * Add more distro/version pairs here to declare which has AppArmor applied.
+ */
+#if defined(CONFIG_SUSE_KERNEL)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+# define REMOVE_SUID_PATH 1
+# endif
+#endif
+
+#endif /* _COMPAT_H_ */
- --- a/file.c 2008-02-06 11:37:39.000000000 -0500
+++ b/file.c 2008-02-06 16:46:23.000000000 -0500
@@ -37,6 +37,7 @@
#include "ordered-data.h"
#include "ioctl.h"
#include "print-tree.h"
+#include "compat.h"
static int btrfs_copy_from_user(loff_t pos, int num_pages, int write_bytes,
@@ -790,7 +791,11 @@ static ssize_t btrfs_file_write(struct f
goto out_nolock;
if (count == 0)
goto out_nolock;
+#ifdef REMOVE_SUID_PATH
+ err = remove_suid(&file->f_path);
+#else
err = remove_suid(fdentry(file));
+#endif
if (err)
goto out_nolock;
file_update_time(file);
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/btrfs/compat.h | 25 | ||||
-rw-r--r-- | fs/btrfs/file.c | 5 |
2 files changed, 30 insertions, 0 deletions
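--- /dev/null
+++ b/fs/btrfs/compat.h
@@ -0,0 +1,25 @@
+#ifndef _COMPAT_H_
+#define _COMPAT_H_
+
+
+/*
+* Even if AppArmor isn't enabled, it still has different prototypes.
+* Add more distro/version pairs here to declare which has AppArmor applied.
+*/
+#if defined(CONFIG_SUSE_KERNEL)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+# define REMOVE_SUID_PATH 1
+# endif
+#endif
+
+/*
+* catch any other distros that have patched in apparmor. This isn't
+* 100% reliable because it won't catch people that hand compile their
+* own distro kernels without apparmor compiled in. But, it is better
+* than nothing.
+*/
+#ifdef CONFIG_SECURITY_APPARMOR
+# define REMOVE_SUID_PATH 1
+#endif
+
+#endif /* _COMPAT_H_ */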
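Review bot: compat.h evaluates `LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)` without including the header that defines those macros, so it only preprocesses correctly when the includer has already pulled that header in, and nothing in this file guarantees that. Adding `#include <linux/version.h>` right after the guard would make the header self-contained. This matters because the result selects which remove_suid() prototype file.c calls, and the second comment already concedes that the detection is not fully reliable. That comment should also say that `-DREMOVE_SUID_PATH` on the compiler command line is the manual override, as the commit message does. The guard name `_COMPAT_H_` is generic enough to collide with another compat.h, so a btrfs-specific name would be safer.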
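--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -37,6 +37,7 @@
 #include "ordered-data.h"
 #include "ioctl.h"
 #include "print-tree.h"
+#include "compat.h"
 
 
 static int btrfs_copy_from_user(loff_t pos, int num_pages, int write_bytes,
@@ -852,7 +853,11 @@ static ssize_t btrfs_file_write(struct file *file, const char __user *buf,
 goto out_nolock;
 if (count == 0)
 goto out_nolock;
+#ifdef REMOVE_SUID_PATH
+err = remove_suid(&file->f_path);
+#else
 err = remove_suid(fdentry(file));
+#endif
 if (err)
 goto out_nolock;
 file_update_time(file);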
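Review bot: The `#ifdef REMOVE_SUID_PATH` block in btrfs_file_write carries no comment explaining why two call forms exist or what is at stake if the wrong one is selected. remove_suid() is the step that clears setuid/setgid bits before the write proceeds, and a wrong selection hands it a pointer of the wrong type; as far as the hunk shows, the only thing that would flag this is presumably a compiler diagnostic at this call. I would add `/* remove_suid() takes a struct path * on AppArmor-patched kernels and a dentry elsewhere; selection is in compat.h */` above the `#ifdef`. It is also worth considering moving the choice into a single wrapper in compat.h so that file.c keeps one unconditional call. The function body starts and ends outside the hunk, so the surrounding error handling could not be checked here.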