Commit | Line | Data |
---|---|---|
68184a5a JR |
1 | From 8b0d519c119a64887df868e7f821e8a714da3d71 Mon Sep 17 00:00:00 2001 |
2 | From: Andy Whitcroft <apw@canonical.com> | |
3 | Date: Tue, 1 May 2012 16:17:52 +0100 | |
4 | Subject: [PATCH 12/13] ovl: switch to __inode_permission() | |
5 | Patch-mainline: not yet | |
6 | ||
7 | When checking permissions on an overlayfs inode we take into | |
8 | account neither device cgroup restrictions nor security permissions. | |
9 | This allows a user to mount an overlayfs layer over a restricted device | |
10 | directory and bypass those permissions to open otherwise restricted | |
11 | files. | |
12 | ||
13 | Switch over to __inode_permission(). | |
14 | ||
15 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
16 | Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> | |
17 | --- | |
18 | fs/overlayfs/inode.c | 12 +----------- | |
19 | 1 file changed, 1 insertion(+), 11 deletions(-) | |
20 | ||
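--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -100,19 +100,9 @@ int ovl_permission(struct inode *inode,
 if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
 goto out_dput;
-
- /*
- * Nobody gets write access to an immutable file.
- */
- err = -EACCES;
- if (IS_IMMUTABLE(realinode))
- goto out_dput;
 }
 
- if (realinode->i_op->permission)
- err = realinode->i_op->permission(realinode, mask);
- else
- err = generic_permission(realinode, mask);
+ err = __inode_permission(realinode, mask);
 out_dput:
 dput(alias);
 return err;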
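Review bot: The new call `err = __inode_permission(realinode, mask);` carries no comment saying that it is now the only place where the immutable-file, device-cgroup and LSM checks are applied to the real inode, so a later reader cannot tell that dropping the explicit `IS_IMMUTABLE(realinode)` test was deliberate rather than a regression. That the helper rejects write access to immutable inodes is not visible in this hunk and should be confirmed against fs/namei.c of the target tree before the explicit test is removed. I would add above the call: `/* __inode_permission() covers the IS_IMMUTABLE, devcgroup and LSM checks; the r/o superblock case is handled above */`. ovl_permission() starts before the hunk and its closing brace falls after it.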