Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree for July 17: early crash on x86-64)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 28 Jul 2008, Stephen Smalley wrote:

> SELinux needs MAY_APPEND to be passed down to the security hook.
> Otherwise, we get permission denials when only append permission is
> granted by policy even if the opening process specified O_APPEND.
> Shows up as a regression in the ltp selinux testsuite, fixed by
> this patch.
> 
> Signed-off-by:  Stephen Smalley <sds@xxxxxxxxxxxxx>

Applied to  
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#hotfixes


Al, holler if you want to push this through your tree.


---

 fs/namei.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index a7b0a0b..b91e973 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
                return retval;
 
        return security_inode_permission(inode,
-                       mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
+                       mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
 }
 
 /**



- James
-- 
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux