Re: [MERGE] integrity / vfs merge conflict resolved
From: Mimi Zohar
Date: Thu Feb 05 2009 - 21:15:15 EST
On Fri, 2009-02-06 at 11:05 +1100, James Morris wrote:
> I manually resolved a conflict between Linus and
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
>
> as follows (please review).
It looks fine.
> commit cb5629b10d64a8006622ce3a52bc887d91057d69
> Merge: 8920d5a... f01d1d5...
> Author: James Morris <jmorris@xxxxxxxxx>
> Date: Fri Feb 6 11:01:45 2009 +1100
>
> Merge branch 'master' into next
>
> Conflicts:
> fs/namei.c
>
> Manually merged per:
>
> diff --cc fs/namei.c
> index 734f2b5,bbc15c2..0000000
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char
> nd->flags |= LOOKUP_CONTINUE;
> err = exec_permission_lite(inode);
> if (err == -EAGAIN)
> - err = vfs_permission(nd, MAY_EXEC);
> + err = inode_permission(nd->path.dentry->d_inode,
> + MAY_EXEC);
> + if (!err)
> + err = ima_path_check(&nd->path, MAY_EXEC);
> if (err)
> break;
>
> @@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
> flag &= ~O_TRUNC;
> }
>
> - error = vfs_permission(nd, acc_mode);
> + error = inode_permission(inode, acc_mode);
> if (error)
> return error;
> +
> - error = ima_path_check(&nd->path,
> ++ error = ima_path_check(path,
> + acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
> + if (error)
> + return error;
> /*
> * An append-only file must be opened in append mode for writing.
> */
>
> Signed-off-by: James Morris <jmorris@xxxxxxxxx>
>
> diff --cc fs/exec.c
> index 9c789a5,0dd60a0..febfd8e
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@@ -128,12 -123,10 +124,13 @@@ SYSCALL_DEFINE1(uselib, const char __us
> if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
> goto exit;
>
> - error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
> + error = inode_permission(nd.path.dentry->d_inode,
> + MAY_READ | MAY_EXEC | MAY_OPEN);
> if (error)
> goto exit;
> + error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN);
> + if (error)
> + goto exit;
>
> file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
> error = PTR_ERR(file);
> @@@ -684,12 -671,9 +675,12 @@@ struct file *open_exec(const char *name
> if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
> goto out_path_put;
>
> - err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
> + err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN);
> if (err)
> goto out_path_put;
> + err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN);
> + if (err)
> + goto out_path_put;
>
> file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
> if (IS_ERR(file))
> diff --cc fs/namei.c
> index 734f2b5,bbc15c2..1993176
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char
> nd->flags |= LOOKUP_CONTINUE;
> err = exec_permission_lite(inode);
> if (err == -EAGAIN)
> - err = vfs_permission(nd, MAY_EXEC);
> + err = inode_permission(nd->path.dentry->d_inode,
> + MAY_EXEC);
> + if (!err)
> + err = ima_path_check(&nd->path, MAY_EXEC);
> if (err)
> break;
>
> @@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
> flag &= ~O_TRUNC;
> }
>
> - error = vfs_permission(nd, acc_mode);
> + error = inode_permission(inode, acc_mode);
> if (error)
> return error;
> +
> - error = ima_path_check(&nd->path,
> ++ error = ima_path_check(path,
> + acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
> + if (error)
> + return error;
> /*
> * An append-only file must be opened in append mode for writing.
> */
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/