From mboxrd@z Thu Jan 1 00:00:00 1970 From: James Morris Subject: Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree for July 17: early crash on x86-64) Date: Tue, 29 Jul 2008 07:38:17 +1000 (EST) Message-ID: References: <20080718012842.690b8346.sfr@canb.auug.org.au> <20080719035231.GU28946@ZenIV.linux.org.uk> <200807192042.06988.rjw@sisk.pl> <1216546973.3217.6.camel@dhcppc2> <20080720121559.GV28946@ZenIV.linux.org.uk> <1217266358.20373.54.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Return-path: In-Reply-To: <1217266358.20373.54.camel-/ugcdrsPCSfIm9DtXLC9OUVfdvkotuLY+aIohriVLy8@public.gmane.org> Sender: kernel-testers-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Stephen Smalley Cc: Al Viro , Thomas Meyer , "Rafael J. Wysocki" , Alexander Beregalov , Stephen Rothwell , linux-next-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, LKML , Ingo Molnar , Kernel Testers List , Eric Paris , linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-next.vger.kernel.org On Mon, 28 Jul 2008, Stephen Smalley wrote: > SELinux needs MAY_APPEND to be passed down to the security hook. > Otherwise, we get permission denials when only append permission is > granted by policy even if the opening process specified O_APPEND. > Shows up as a regression in the ltp selinux testsuite, fixed by > this patch. > > Signed-off-by: Stephen Smalley Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#hotfixes Al, holler if you want to push this through your tree. --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index a7b0a0b..b91e973 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask) return retval; return security_inode_permission(inode, - mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); + mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND)); } /** - James -- James Morris