diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/path.c | 9 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 9 |
2 files changed, 8 insertions, 10 deletions
diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 96bab9469d48..19358dc14605 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c | |||
| @@ -62,19 +62,14 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, | |||
| 62 | int deleted, connected; | 62 | int deleted, connected; |
| 63 | int error = 0; | 63 | int error = 0; |
| 64 | 64 | ||
| 65 | /* Get the root we want to resolve too */ | 65 | /* Get the root we want to resolve too, released below */ |
| 66 | if (flags & PATH_CHROOT_REL) { | 66 | if (flags & PATH_CHROOT_REL) { |
| 67 | /* resolve paths relative to chroot */ | 67 | /* resolve paths relative to chroot */ |
| 68 | read_lock(¤t->fs->lock); | 68 | get_fs_root(current->fs, &root); |
| 69 | root = current->fs->root; | ||
| 70 | /* released below */ | ||
| 71 | path_get(&root); | ||
| 72 | read_unlock(¤t->fs->lock); | ||
| 73 | } else { | 69 | } else { |
| 74 | /* resolve paths relative to namespace */ | 70 | /* resolve paths relative to namespace */ |
| 75 | root.mnt = current->nsproxy->mnt_ns->root; | 71 | root.mnt = current->nsproxy->mnt_ns->root; |
| 76 | root.dentry = root.mnt->mnt_root; | 72 | root.dentry = root.mnt->mnt_root; |
| 77 | /* released below */ | ||
| 78 | path_get(&root); | 73 | path_get(&root); |
| 79 | } | 74 | } |
| 80 | 75 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 42043f96e54f..4796ddd4e721 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2170,8 +2170,9 @@ static inline void flush_unauthorized_files(const struct cred *cred, | |||
| 2170 | 2170 | ||
| 2171 | tty = get_current_tty(); | 2171 | tty = get_current_tty(); |
| 2172 | if (tty) { | 2172 | if (tty) { |
| 2173 | file_list_lock(); | 2173 | spin_lock(&tty_files_lock); |
| 2174 | if (!list_empty(&tty->tty_files)) { | 2174 | if (!list_empty(&tty->tty_files)) { |
| 2175 | struct tty_file_private *file_priv; | ||
| 2175 | struct inode *inode; | 2176 | struct inode *inode; |
| 2176 | 2177 | ||
| 2177 | /* Revalidate access to controlling tty. | 2178 | /* Revalidate access to controlling tty. |
| @@ -2179,14 +2180,16 @@ static inline void flush_unauthorized_files(const struct cred *cred, | |||
| 2179 | than using file_has_perm, as this particular open | 2180 | than using file_has_perm, as this particular open |
| 2180 | file may belong to another process and we are only | 2181 | file may belong to another process and we are only |
| 2181 | interested in the inode-based check here. */ | 2182 | interested in the inode-based check here. */ |
| 2182 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); | 2183 | file_priv = list_first_entry(&tty->tty_files, |
| 2184 | struct tty_file_private, list); | ||
| 2185 | file = file_priv->file; | ||
| 2183 | inode = file->f_path.dentry->d_inode; | 2186 | inode = file->f_path.dentry->d_inode; |
| 2184 | if (inode_has_perm(cred, inode, | 2187 | if (inode_has_perm(cred, inode, |
| 2185 | FILE__READ | FILE__WRITE, NULL)) { | 2188 | FILE__READ | FILE__WRITE, NULL)) { |
| 2186 | drop_tty = 1; | 2189 | drop_tty = 1; |
| 2187 | } | 2190 | } |
| 2188 | } | 2191 | } |
| 2189 | file_list_unlock(); | 2192 | spin_unlock(&tty_files_lock); |
| 2190 | tty_kref_put(tty); | 2193 | tty_kref_put(tty); |
| 2191 | } | 2194 | } |
| 2192 | /* Reset controlling tty. */ | 2195 | /* Reset controlling tty. */ |