From: Andy Whitcroft <apw@canonical.com>
To: Miklos Szeredi <miklos@szeredi.hu>, Andy Whitcroft <apw@canonical.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
mszeredi@suse.cz, Sedat Dilek <sedat.dilek@gmail.com>
Subject: [PATCH 1/5] inode_only_permission: export inode level permissions checks
Date: Tue, 1 May 2012 16:17:51 +0100
Message-ID: <1335885475-11990-2-git-send-email-apw@canonical.com>
In-Reply-To: <1335885475-11990-1-git-send-email-apw@canonical.com>
We need to be able to check inode permissions (but not filesystem implied
permissions) for stackable filesystems. Now that permissions involve
checking with the security LSM, cgroups and basic inode permissions, it is
easy to miss a key permission check and introduce a security vulnerability.
Expose a new interface for these checks.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
fs/namei.c | 48 +++++++++++++++++++++++++++++++-----------------
include/linux/fs.h | 1 +
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 0062dd1..744bd38 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -328,6 +328,36 @@ static inline int do_inode_permission(struct inode *inode, int mask)
}
/**
+ * inode_only_permission - check access rights to a given inode only
+ * @inode: inode to check permissions on
+ * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC, ...)
+ *
+ * Uses to check read/write/execute permissions on an inode directly, we do
+ * not check filesystem permissions.
+ */
+int inode_only_permission(struct inode *inode, int mask)
+{
+ int retval;
+
+ /*
+ * Nobody gets write access to an immutable file.
+ */
+ if (unlikely(mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+ return -EACCES;
+
+ retval = do_inode_permission(inode, mask);
+ if (retval)
+ return retval;
+
+ retval = devcgroup_inode_permission(inode, mask);
+ if (retval)
+ return retval;
+
+ return security_inode_permission(inode, mask);
+}
+EXPORT_SYMBOL(inode_only_permission);
+
+/**
* inode_permission - check for access rights to a given inode
* @inode: inode to check permission on
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC, ...)
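Review bot: the kernel-doc line `+ * Uses to check read/write/execute permissions on an inode directly, we do` should read "Used to check", and "we do not check filesystem permissions" is vague about what is actually omitted: compared with inode_permission(), the only check this function drops is the IS_RDONLY() test that returns -EROFS, so a caller on a stacked filesystem remains responsible for the read-only check on whichever layer it intends to write. Suggest: " * Used to check read/write/execute permissions on an inode directly. Unlike inode_permission() it does not check whether the containing filesystem is read-only; the caller must do that." Since this is a permission-check entry point being made available to modules via `+EXPORT_SYMBOL(inode_only_permission);`, it is also worth deciding explicitly whether EXPORT_SYMBOL_GPL() is the intended export level.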
@@ -341,8 +371,6 @@ static inline int do_inode_permission(struct inode *inode, int mask)
*/
int inode_permission(struct inode *inode, int mask)
{
- int retval;
-
if (unlikely(mask & MAY_WRITE)) {
umode_t mode = inode->i_mode;
@@ -352,23 +380,9 @@ int inode_permission(struct inode *inode, int mask)
if (IS_RDONLY(inode) &&
(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
return -EROFS;
-
- /*
- * Nobody gets write access to an immutable file.
- */
- if (IS_IMMUTABLE(inode))
- return -EACCES;
}
- retval = do_inode_permission(inode, mask);
- if (retval)
- return retval;
-
- retval = devcgroup_inode_permission(inode, mask);
- if (retval)
- return retval;
-
- return security_inode_permission(inode, mask);
+ return inode_only_permission(inode, mask);
}
/**
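Review bot: behaviour is preserved here, but the ordering deserves a comment: the IS_IMMUTABLE() check previously lived under the same `if (unlikely(mask & MAY_WRITE)) {` as the IS_RDONLY() check, and after the move it runs inside inode_only_permission() only after the -EROFS return above has been passed, so a MAY_WRITE on an immutable inode on a read-only filesystem still yields -EROFS as before. The MAY_WRITE block that remains in inode_permission() now contains only the -EROFS case; a one-line comment there noting that the immutable check is performed by inode_only_permission() would stop a future reader from re-adding it and double-checking.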
diff --git a/include/linux/fs.h b/include/linux/fs.h
index fdd1d38..0b531ab 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2226,6 +2226,7 @@ extern sector_t bmap(struct inode *, sector_t);
#endif
extern int notify_change(struct dentry *, struct iattr *);
extern int inode_permission(struct inode *, int);
+extern int inode_only_permission(struct inode *, int);
extern int generic_permission(struct inode *, int);
static inline bool execute_ok(struct inode *inode)
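Review bot: the bare declaration `+extern int inode_only_permission(struct inode *, int);` gives no hint that it is a strict subset of inode_permission() (no read-only-filesystem check), and this header is where stacked-filesystem callers will discover it. Suggest a short comment above the line, for example "/* inode_permission() without the IS_RDONLY() check; caller handles -EROFS */", so the contract the changelog describes is visible where the function is picked up.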
--
1.7.9.5
2012-05-01 15:17 [PATCH 0/5] overlayfs v3.4-rc5 updates Andy Whitcroft
2012-05-01 15:17 ` Andy Whitcroft [this message]
2012-05-01 15:17 ` [PATCH 2/5] overlayfs: switch to use inode_only_permissions Andy Whitcroft
2012-05-01 15:17 ` [PATCH 3/5] overlayfs: follow header cleanup Andy Whitcroft
2012-05-01 15:17 ` [PATCH 4/5] overlayfs: switch from d_alloc_root() to d_make_root() Andy Whitcroft
2012-05-01 15:17 ` [PATCH 5/5] overlayfs: update touch_atime() usage Andy Whitcroft
2012-05-14 11:20 ` [PATCH 0/5] overlayfs v3.4-rc5 updates Miklos Szeredi