diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d85b793c9321..f7d7e779c7f3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2708,6 +2708,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 2708 | { | 2708 | { |
| 2709 | const struct cred *cred = current_cred(); | 2709 | const struct cred *cred = current_cred(); |
| 2710 | unsigned int ia_valid = iattr->ia_valid; | 2710 | unsigned int ia_valid = iattr->ia_valid; |
| 2711 | __u32 av = FILE__WRITE; | ||
| 2711 | 2712 | ||
| 2712 | /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */ | 2713 | /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */ |
| 2713 | if (ia_valid & ATTR_FORCE) { | 2714 | if (ia_valid & ATTR_FORCE) { |
| @@ -2721,7 +2722,10 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 2721 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) | 2722 | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) |
| 2722 | return dentry_has_perm(cred, dentry, FILE__SETATTR); | 2723 | return dentry_has_perm(cred, dentry, FILE__SETATTR); |
| 2723 | 2724 | ||
| 2724 | return dentry_has_perm(cred, dentry, FILE__WRITE); | 2725 | if (ia_valid & ATTR_SIZE) |
| 2726 | av |= FILE__OPEN; | ||
| 2727 | |||
| 2728 | return dentry_has_perm(cred, dentry, av); | ||
| 2725 | } | 2729 | } |
| 2726 | 2730 | ||
| 2727 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 2731 | static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |