lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

massage generic_permission() to treat directories on a separate path

Browse Source 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
2011-06-20 19:55:42 -04:00
parent eecdd358b4
commit d594e7ec4d
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
fs/namei.c
View File

@@ -235,12 +235,21 @@ int generic_permission(struct inode *inode, int mask)
if (ret != -EACCES) if (ret != -EACCES)
return ret; return ret;
if (S_ISDIR(inode->i_mode)) {
/* DACs are overridable for directories */
if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
return 0;
if (!(mask & MAY_WRITE))
if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
return 0;
return -EACCES;
}
/* /*
* Read/write DACs are always overridable. * Read/write DACs are always overridable.
* Executable DACs are overridable for all directories and * Executable DACs are overridable when there is
* for non-directories that have least one exec bit set. * at least one exec bit set.
*/ */
if (!(mask & MAY_EXEC) || execute_ok(inode)) if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
return 0; return 0;
@@ -248,7 +257,7 @@ int generic_permission(struct inode *inode, int mask)
* Searching includes executable on directories, else just read. * Searching includes executable on directories, else just read.
*/ */
mask &= MAY_READ | MAY_WRITE | MAY_EXEC; mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) if (mask == MAY_READ)
if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
return 0; return 0;