Searched hist:"2 a4c2242" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/fs/ |
H A D | namei.c | 2a4c2242 Fri Mar 10 11:14:18 CST 2017 Stephen Smalley <sds@tycho.nsa.gov> fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks
generic_permission() presently checks CAP_DAC_OVERRIDE prior to CAP_DAC_READ_SEARCH. This can cause misleading audit messages when using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE may not be required for the operation. Flip the order of the tests so that CAP_DAC_OVERRIDE is only checked when required for the operation.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Serge Hallyn <serge@hallyn.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2a4c2242 Fri Mar 10 11:14:18 CST 2017 Stephen Smalley <sds@tycho.nsa.gov> fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks generic_permission() presently checks CAP_DAC_OVERRIDE prior to CAP_DAC_READ_SEARCH. This can cause misleading audit messages when using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE may not be required for the operation. Flip the order of the tests so that CAP_DAC_OVERRIDE is only checked when required for the operation. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Serge Hallyn <serge@hallyn.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|