On Sun, 2008-07-20 at 13:15 +0100, Al Viro wrote: > On Sun, Jul 20, 2008 at 11:42:53AM +0200, Thomas Meyer wrote: > > Am Sonntag, den 20.07.2008, 05:54 +1000 schrieb James Morris: > > > On Sat, 19 Jul 2008, Rafael J. Wysocki wrote: > > > > > > > > vfs-next/net-next conflict; apply the patch below on top of the > > > merge. > > > > > > > > That helped, thanks. > > > > > > > > But next it ran into the BUG_ON() in line 883 of > > > security/selinux/avc.c . > > > > Disabling selinux made the kernel boot, finally. > > > > > > Ugh, that's not supposed to happen. Where was this in the boot? Do > > > you > > > have a console log? > > Argh... Fallout from ->permission() patch series. I've folded that into > rebase (along with Randy's compile fixes and missing bit in capability.c > in ->inode_permission() patch; AFAICS takes care of all mismerges as well). > In the meanwhile, see the patch below on top of next-20080718: > > diff --git a/fs/namei.c b/fs/namei.c > index a15c155..c0a64e2 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -286,7 +286,8 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) > if (retval) > return retval; > > - return security_inode_permission(inode, mask); > + return security_inode_permission(inode, > + mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); > } > > /** SELinux needs MAY_APPEND to be passed down to the security hook. Otherwise, we get permission denials when only append permission is granted by policy even if the opening process specified O_APPEND. Shows up as a regression in the ltp selinux testsuite, fixed by this patch. Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index a7b0a0b..b91e973 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask) return retval; return security_inode_permission(inode, - mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); + mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND)); } /** -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
