On Mon, 28 Jul 2008, Stephen Smalley wrote:
> SELinux needs MAY_APPEND to be passed down to the security hook.
> Otherwise, we get permission denials when only append permission is
> granted by policy even if the opening process specified O_APPEND.
> Shows up as a regression in the ltp selinux testsuite, fixed by
> this patch.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#hotfixes
Al, holler if you want to push this through your tree.
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index a7b0a0b..b91e973 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
return retval;
return security_inode_permission(inode,
- mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
+ mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
}
/**
- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
