]> Git Repo - linux.git/commit - security/selinux/hooks.c
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0da939b) | patch
SELinux: check open perms in dentry_open not inode_permission
authorEric Paris <[email protected]>
Wed, 29 Oct 2008 21:06:46 +0000 (17:06 -0400)
committerJames Morris <[email protected]>
Thu, 30 Oct 2008 15:00:52 +0000 (02:00 +1100)
commit8b6a5a37f87a414ef8636e36ec75accb27bb7508
tree26ff1dddb3c8727118b24819e83b4b7c500ff595tree | snapshot
parent0da939b0058742ad2d8580b7db6b966d0fc72252commit | diff
SELinux: check open perms in dentry_open not inode_permission

Some operations, like searching a directory path or connecting a unix domain
socket, make explicit calls into inode_permission.  Our choices are to
either try to come up with a signature for all of the explicit calls to
inode_permission and do not check open on those, or to move the open checks to
dentry_open where we know this is always an open operation.  This patch moves
the checks to dentry_open.

Signed-off-by: Eric Paris <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: James Morris <[email protected]>
security/selinux/hooks.c diff | blob | blame | history
Empty description
This page took 0.056104 seconds and 4 git commands to generate.