make exec_permission(dir) really equivalent to inode_permission(dir, MAY_EXEC)
capability overrides apply only to the default case; if fs has ->permission() that does _not_ call generic_permission(), we have no business doing them. Moreover, if it has ->permission() that does call generic_permission(), we have no need to recheck capabilities. Besides, the capability overrides should apply only if we got EACCES from acl_permission_check(); any other value (-EIO, etc.) should be returned to caller, capabilities or not capabilities. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
18
fs/namei.c
18
fs/namei.c
@@ -584,19 +584,19 @@ static inline int exec_permission(struct inode *inode, unsigned int flags)
|
|||||||
|
|
||||||
if (inode->i_op->permission) {
|
if (inode->i_op->permission) {
|
||||||
ret = inode->i_op->permission(inode, MAY_EXEC, flags);
|
ret = inode->i_op->permission(inode, MAY_EXEC, flags);
|
||||||
|
if (likely(!ret))
|
||||||
|
goto ok;
|
||||||
} else {
|
} else {
|
||||||
ret = acl_permission_check(inode, MAY_EXEC, flags,
|
ret = acl_permission_check(inode, MAY_EXEC, flags,
|
||||||
inode->i_op->check_acl);
|
inode->i_op->check_acl);
|
||||||
|
if (likely(!ret))
|
||||||
|
goto ok;
|
||||||
|
if (ret != -EACCES)
|
||||||
|
return ret;
|
||||||
|
if (ns_capable(ns, CAP_DAC_OVERRIDE) ||
|
||||||
|
ns_capable(ns, CAP_DAC_READ_SEARCH))
|
||||||
|
goto ok;
|
||||||
}
|
}
|
||||||
if (likely(!ret))
|
|
||||||
goto ok;
|
|
||||||
if (ret == -ECHILD)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
if (ns_capable(ns, CAP_DAC_OVERRIDE) ||
|
|
||||||
ns_capable(ns, CAP_DAC_READ_SEARCH))
|
|
||||||
goto ok;
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
ok:
|
ok:
|
||||||
return security_inode_exec_permission(inode, flags);
|
return security_inode_exec_permission(inode, flags);
|
||||||
|
|||||||
Reference in New Issue
Block a user