diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-07-28 13:32:38 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-08-01 11:25:21 -0400 |
commit | f418b006079ce537daf9436215f1d2a47e451602 (patch) | |
tree | c61320192312898c0b0ac2a67398d5c81613f8cb /fs | |
parent | 94ad374a0751f40d25e22e036c37f7263569d24c (diff) |
Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
for July 17: early crash on x86-64)
SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namei.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namei.c b/fs/namei.c index a7b0a0b80128..b91e9732b24a 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask) | |||
274 | return retval; | 274 | return retval; |
275 | 275 | ||
276 | return security_inode_permission(inode, | 276 | return security_inode_permission(inode, |
277 | mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); | 277 | mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND)); |
278 | } | 278 | } |
279 | 279 | ||
280 | /** | 280 | /** |