mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
34 lines
946 B
Diff
34 lines
946 B
Diff
From: Andreas Gruenbacher <agruen@suse.de>
|
|
Subject: Allow permission functions to tell between parent and leaf checks
|
|
|
|
Set the LOOKUP_CONTINUE flag when checking parent permissions. This allows
|
|
permission functions to tell between parent and leaf checks.
|
|
|
|
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
|
|
|
|
---
|
|
fs/namei.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
--- a/fs/namei.c
|
|
+++ b/fs/namei.c
|
|
@@ -1409,6 +1409,10 @@ static int may_delete(struct inode *dir,
|
|
BUG_ON(victim->d_parent->d_inode != dir);
|
|
audit_inode_child(victim->d_name.name, victim->d_inode, dir);
|
|
|
|
+#if 0
|
|
+ if (nd)
|
|
+ nd->flags |= LOOKUP_CONTINUE;
|
|
+#endif
|
|
error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
|
|
if (error)
|
|
return error;
|
|
@@ -1446,6 +1450,8 @@ static inline int may_create(struct inod
|
|
return -EEXIST;
|
|
if (IS_DEADDIR(dir))
|
|
return -ENOENT;
|
|
+ if (nd)
|
|
+ nd->flags |= LOOKUP_CONTINUE;
|
|
return permission(dir,MAY_WRITE | MAY_EXEC, nd);
|
|
}
|
|
|