mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
remove_suid.diff rediff. fold fix_leaf.diff into leaf.diff.
parent
142cd5ea0c
commit
83f12d961c
3 changed files with 32 additions and 37 deletions
|
@ -1,15 +1,13 @@
|
|||
---
|
||||
fs/namei.c | 6 ++++++
|
||||
security/apparmor/apparmor.h | 7 +++----
|
||||
security/apparmor/lsm.c | 17 ++++++++---------
|
||||
security/apparmor/lsm.c | 25 +++++++++++++------------
|
||||
security/apparmor/main.c | 14 +-------------
|
||||
4 files changed, 18 insertions(+), 26 deletions(-)
|
||||
4 files changed, 23 insertions(+), 29 deletions(-)
|
||||
|
||||
Index: b/fs/namei.c
|
||||
===================================================================
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -1428,6 +1428,10 @@ static int may_delete(struct inode *dir,
|
||||
@@ -1396,6 +1396,10 @@ static int may_delete(struct inode *dir,
|
||||
BUG_ON(victim->d_parent->d_inode != dir);
|
||||
audit_inode_child(victim->d_name.name, victim->d_inode, dir);
|
||||
|
||||
|
@ -20,7 +18,7 @@ Index: b/fs/namei.c
|
|||
error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
|
||||
if (error)
|
||||
return error;
|
||||
@@ -1465,6 +1469,8 @@ static inline int may_create(struct inod
|
||||
@@ -1433,6 +1437,8 @@ static inline int may_create(struct inod
|
||||
return -EEXIST;
|
||||
if (IS_DEADDIR(dir))
|
||||
return -ENOENT;
|
||||
|
@ -29,8 +27,6 @@ Index: b/fs/namei.c
|
|||
return permission(dir,MAY_WRITE | MAY_EXEC, nd);
|
||||
}
|
||||
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -181,10 +181,9 @@ struct aa_audit {
|
||||
|
@ -47,8 +43,6 @@ Index: b/security/apparmor/apparmor.h
|
|||
|
||||
/* main.c */
|
||||
extern int alloc_null_complain_profile(void);
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -291,7 +291,7 @@ static int aa_permission(struct inode *i
|
||||
|
@ -94,22 +88,27 @@ Index: b/security/apparmor/lsm.c
|
|||
|
||||
if (inode && S_ISDIR(inode->i_mode))
|
||||
check |= AA_CHECK_DIR;
|
||||
@@ -381,13 +381,12 @@ static int apparmor_inode_permission(str
|
||||
@@ -381,13 +381,14 @@ static int apparmor_inode_permission(str
|
||||
{
|
||||
int check = 0;
|
||||
|
||||
- if (!nd)
|
||||
+ if (!nd || nd->flags & (LOOKUP_PARENT | LOOKUP_CONTINUE))
|
||||
return 0;
|
||||
if (S_ISDIR(inode->i_mode))
|
||||
check |= AA_CHECK_DIR;
|
||||
- if (S_ISDIR(inode->i_mode))
|
||||
- check |= AA_CHECK_DIR;
|
||||
mask &= (MAY_READ | MAY_WRITE | MAY_EXEC);
|
||||
|
||||
-
|
||||
- /* Assume we are not checking a leaf directory. */
|
||||
+ if (S_ISDIR(inode->i_mode)) {
|
||||
+ check |= AA_CHECK_DIR;
|
||||
+ /* allow traverse accesses to directories */
|
||||
+ mask &= ~MAY_EXEC;
|
||||
+ }
|
||||
return aa_permission(inode, nd->dentry, nd->mnt, mask, check);
|
||||
}
|
||||
|
||||
@@ -481,7 +480,7 @@ static int apparmor_file_permission(stru
|
||||
@@ -481,7 +482,7 @@ static int apparmor_file_permission(stru
|
||||
struct dentry *dentry = file->f_dentry;
|
||||
struct vfsmount *mnt = file->f_vfsmnt;
|
||||
struct inode *inode = dentry->d_inode;
|
||||
|
@ -118,7 +117,7 @@ Index: b/security/apparmor/lsm.c
|
|||
|
||||
/*
|
||||
* FIXME: We should remember which profiles we revalidated
|
||||
@@ -536,7 +535,7 @@ static inline int aa_mmap(struct file *f
|
||||
@@ -536,7 +537,7 @@ static inline int aa_mmap(struct file *f
|
||||
|
||||
dentry = file->f_dentry;
|
||||
return aa_permission(dentry->d_inode, dentry, file->f_vfsmnt, mask,
|
||||
|
@ -127,8 +126,6 @@ Index: b/security/apparmor/lsm.c
|
|||
}
|
||||
|
||||
static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -656,17 +656,6 @@ int aa_perm(struct aa_profile *profile,
|
||||
|
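Review bot: In the `apparmor_inode_permission` hunk for security/apparmor/lsm.c, the early `return 0` now also covers any lookup with `LOOKUP_PARENT` or `LOOKUP_CONTINUE` set, and the directory branch clears `MAY_EXEC`, so directory traversal is no longer mediated by this hook. The only rationale left is `/* allow traverse accesses to directories */`, and the older "Assume we are not checking a leaf directory" comment appears to be dropped. I would state the assumption next to the early return, for example `/* intermediate path components are not mediated here; only the final component reaches aa_permission() */`, if that is the intent; the rest of the lookup path is not visible in this patch. The condition would also read less ambiguously as `if (!nd || (nd->flags & (LOOKUP_PARENT | LOOKUP_CONTINUE)))`. Which of the doubled lines belong to the new revision of the patch is inferred from the inner hunk counts (`+381,12` versus `+381,14`), since the page has lost the outer +/- column.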
|
|
@ -34,7 +34,7 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
|
|||
file_update_time(file);
|
||||
--- a/fs/ocfs2/file.c
|
||||
+++ b/fs/ocfs2/file.c
|
||||
@@ -1157,14 +1157,14 @@ out:
|
||||
@@ -1035,13 +1035,13 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -42,8 +42,7 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
|
|||
+static int ocfs2_prepare_inode_for_write(struct path *path,
|
||||
loff_t *ppos,
|
||||
size_t count,
|
||||
int appending,
|
||||
int *direct_io)
|
||||
int appending)
|
||||
{
|
||||
int ret = 0, meta_level = appending;
|
||||
- struct inode *inode = dentry->d_inode;
|
||||
|
@ -51,7 +50,7 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
|
|||
u32 clusters;
|
||||
loff_t newsize, saved_pos;
|
||||
|
||||
@@ -1190,7 +1190,7 @@ static int ocfs2_prepare_inode_for_write
|
||||
@@ -1067,7 +1067,7 @@ static int ocfs2_prepare_inode_for_write
|
||||
* inode. There's also the dinode i_size state which
|
||||
* can be lost via setattr during extending writes (we
|
||||
* set inode->i_size at the end of a write. */
|
||||
|
@ -60,24 +59,24 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
|
|||
if (meta_level == 0) {
|
||||
ocfs2_meta_unlock(inode, meta_level);
|
||||
meta_level = 1;
|
||||
@@ -1498,7 +1498,7 @@ relock:
|
||||
}
|
||||
|
||||
can_do_direct = direct_io;
|
||||
- ret = ocfs2_prepare_inode_for_write(file->f_path.dentry, ppos,
|
||||
+ ret = ocfs2_prepare_inode_for_write(&file->f_path, ppos,
|
||||
iocb->ki_left, appending,
|
||||
&can_do_direct);
|
||||
if (ret < 0) {
|
||||
@@ -1703,7 +1703,7 @@ static ssize_t ocfs2_file_splice_write(s
|
||||
@@ -1176,7 +1176,7 @@ static ssize_t ocfs2_file_aio_write(stru
|
||||
goto out;
|
||||
}
|
||||
|
||||
- ret = ocfs2_prepare_inode_for_write(out->f_path.dentry, ppos, len, 0,
|
||||
+ ret = ocfs2_prepare_inode_for_write(&out->f_path, ppos, len, 0,
|
||||
NULL);
|
||||
- ret = ocfs2_prepare_inode_for_write(filp->f_path.dentry, &iocb->ki_pos,
|
||||
+ ret = ocfs2_prepare_inode_for_write(&filp->f_path, &iocb->ki_pos,
|
||||
iocb->ki_left, appending);
|
||||
if (ret < 0) {
|
||||
mlog_errno(ret);
|
||||
@@ -1239,7 +1239,7 @@ static ssize_t ocfs2_file_splice_write(s
|
||||
goto out;
|
||||
}
|
||||
|
||||
- ret = ocfs2_prepare_inode_for_write(out->f_path.dentry, ppos, len, 0);
|
||||
+ ret = ocfs2_prepare_inode_for_write(&out->f_path, ppos, len, 0);
|
||||
if (ret < 0) {
|
||||
mlog_errno(ret);
|
||||
goto out_unlock;
|
||||
--- a/fs/reiserfs/file.c
|
||||
+++ b/fs/reiserfs/file.c
|
||||
@@ -1353,7 +1353,7 @@ static ssize_t reiserfs_file_write(struc
|
||||
|
@ -126,7 +125,7 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
|
|||
goto out_unlock_mutex;
|
||||
--- a/include/linux/fs.h
|
||||
+++ b/include/linux/fs.h
|
||||
@@ -1690,9 +1690,9 @@ extern void __iget(struct inode * inode)
|
||||
@@ -1685,9 +1685,9 @@ extern void __iget(struct inode * inode)
|
||||
extern void clear_inode(struct inode *);
|
||||
extern void destroy_inode(struct inode *);
|
||||
extern struct inode *new_inode(struct super_block *);
|
||||
|
|
|
@ -54,7 +54,6 @@ file_permission-nameidata.diff
|
|||
apparmorfs_dentry_refcount_fix
|
||||
# NOT YET
|
||||
leaf.diff
|
||||
fix_leaf.diff
|
||||
nfsd_permission-nameidata.diff
|
||||
ecryptfs-d_revalidate.diff
|
||||
# statvfs.diff
|
||||
|
|