linux-fsdevel.vger.kernel.org archive mirror
From: Eric Paris <eparis@redhat.com>
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: viro@zeniv.linux.org.uk, hch@infradead.org
Subject: [PATCH] vfs: new FROM_ACCESS flag
Date: Sun, 20 Sep 2009 21:30:48 -0400
Message-ID: <20090921013048.2763.1494.stgit@paris.rdu.redhat.com>

This new acc_mode flag is just to tell the security system this inode
permission check is from the access system call.  The security system can
use this information as it finds appropriate.  In particular SELinux plans to
use this flag to alter what we choose to audit and what we do not choose to
audit.

Signed-off-by: Eric Paris <eparis@redhat.com>
---

 fs/open.c          |    2 +-
 include/linux/fs.h |    5 +++++
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 1940498..ad9e17f 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -495,7 +495,7 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
 			goto out_path_release;
 	}
 
-	res = inode_permission(inode, mode | MAY_ACCESS);
+	res = inode_permission(inode, mode | MAY_ACCESS | FROM_ACCESS);
 	/* SuS v2 requires we report a read only fs too */
 	if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
 		goto out_path_release;
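Review bot: The mask on the changed inode_permission() call already carries MAY_ACCESS, and the changelog does not say why that existing bit is not enough for the security module to recognise a check coming from access(). Please state in the commit message what MAY_ACCESS is used for elsewhere that makes it unsuitable, or reuse it instead of adding a second bit. Since the new bit is ORed into the same mask that inode_permission() receives, it is also worth confirming that every consumer of that mask ignores bits it does not know, because nothing in this hunk strips FROM_ACCESS before the check runs.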
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 5df69f0..7ff00dc 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -60,6 +60,11 @@ struct inodes_stat_t {
  */
 #define MAY_ACCESS 16
 #define MAY_OPEN 32
+/*
+ * This flag is only set in the access() and accessat() syscalls and can
+ * be used by the security system as it deems reasonable.
+ */
+#define FROM_ACCESS 64
 
 /*
  * flags in file.f_mode.  Note that FMODE_READ and FMODE_WRITE must correspond
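Review bot: The added comment names "access() and accessat()", but the only call site touched in fs/open.c is SYSCALL_DEFINE3(faccessat, ...), so the comment should say faccessat(). The name also breaks the MAY_ prefix used by the neighbouring MAY_ACCESS and MAY_OPEN defines that share this mask; something like MAY_ prefixed naming would make it obvious the value lives in the same bit space. Finally, "can be used by the security system as it deems reasonable" documents no contract: say what the bit means (the permission check is a query, not an actual access attempt) so filesystem and LSM authors know whether they may see it and what they may do with it.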

