shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 20:07:46 +09:00
Code Issues Packages Projects Releases Wiki Activity

ovl: check permission to open real file

Browse Source 
Call inode_permission() on real inode before opening regular file on one of
the underlying layers.

In some cases ovl_permission() already checks access to an underlying file,
but it misses the metacopy case, and possibly other ones as well.

Removing the redundant permission check from ovl_permission() should be
considered later.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
Miklos Szeredi
2020-06-02 22:20:26 +02:00
parent 292f902a40
commit 05acefb487
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
fs/overlayfs/file.c
View File

@@ -40,10 +40,22 @@ static struct file *ovl_open_realfile(const struct file *file,
struct file *realfile; struct file *realfile;
const struct cred *old_cred; const struct cred *old_cred;
int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY; int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY;
int acc_mode = ACC_MODE(flags);
int err;
if (flags & O_APPEND)
acc_mode |= MAY_APPEND;
old_cred = ovl_override_creds(inode->i_sb); old_cred = ovl_override_creds(inode->i_sb);
realfile = open_with_fake_path(&file->f_path, flags, realinode, err = inode_permission(realinode, MAY_OPEN | acc_mode);
current_cred()); if (err) {
realfile = ERR_PTR(err);
} else if (!inode_owner_or_capable(realinode)) {
realfile = ERR_PTR(-EPERM);
} else {
realfile = open_with_fake_path(&file->f_path, flags, realinode,
current_cred());
}
revert_creds(old_cred); revert_creds(old_cred);
pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",