UBUNTU: ubuntu: overlayfs -- ovl: switch to __inode_permission()

When checking permissions on an overlayfs inode we take into account
neither device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and bypass those permissions to open otherwise restricted
files.

Switch over to __inode_permission().

Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Andy Whitcroft
2012-05-01 16:17:52 +01:00
committed by Tim Gardner
parent 12de1d2f69
commit fd49c0a77e


@@ -100,19 +100,9 @@ int ovl_permission(struct inode *inode, int mask)
if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
goto out_dput;
/*
* Nobody gets write access to an immutable file.
*/
err = -EACCES;
if (IS_IMMUTABLE(realinode))
goto out_dput;
}
if (realinode->i_op->permission)
err = realinode->i_op->permission(realinode, mask);
else
err = generic_permission(realinode, mask);
err = __inode_permission(realinode, mask);
out_dput:
dput(alias);
return err;
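Review bot: The `IS_IMMUTABLE(realinode)` test in the `MAY_WRITE` branch is dropped without mention in the commit message, which only talks about device cgroup and security checks. The drop is presumably safe because `__inode_permission()` performs the same immutable test before calling the filesystem's permission op, but that should be confirmed against the helper in this tree, along with the symbol being exported if overlayfs can be built as a module. A comment above the new call would record the reliance: `/* __inode_permission() applies the immutable, device cgroup and LSM checks on realinode */`. The page has lost its +/- markers, so added and removed lines are read here from the hunk counts and the commit title; ovl_permission() begins before and ends after the hunk.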