On Thu, Feb 20, 2020 at 10:32 AM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote: > > Add Q_XQUOTAOFF, Q_XQUOTAON and Q_XSETQLIM to trigger filesystem quotamod > permission check. > > Add Q_XGETQUOTA, Q_XGETQSTAT, Q_XGETQSTATV and Q_XGETNEXTQUOTA to trigger > filesystem quotaget permission check. > > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> > --- > security/selinux/hooks.c | 7 +++++++ > 1 file changed, 7 insertions(+) Thanks Richard, I've merged this into selinux/next. > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 46a8f3e7d..974228313 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2145,11 +2145,18 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) > case Q_QUOTAOFF: > case Q_SETINFO: > case Q_SETQUOTA: > + case Q_XQUOTAOFF: > + case Q_XQUOTAON: > + case Q_XSETQLIM: > rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); > break; > case Q_GETFMT: > case Q_GETINFO: > case Q_GETQUOTA: > + case Q_XGETQUOTA: > + case Q_XGETQSTAT: > + case Q_XGETQSTATV: > + case Q_XGETNEXTQUOTA: > rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); > break; > default: > -- > 2.24.1 -- paul moore www.paul-moore.com
