diff mbox series

[1/1] selinux: Add xfs quota command types

Message ID 20200220153234.152426-2-richard_c_haines@btinternet.com (mailing list archive)
State Accepted
Headers show
Series selinux: Add xfs quota command types | expand

Commit Message

Richard Haines Feb. 20, 2020, 3:32 p.m. UTC 
Add Q_XQUOTAOFF, Q_XQUOTAON and Q_XSETQLIM to trigger filesystem quotamod
permission check.

Add Q_XGETQUOTA, Q_XGETQSTAT, Q_XGETQSTATV and Q_XGETNEXTQUOTA to trigger
filesystem quotaget permission check.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 security/selinux/hooks.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Christoph Hellwig Feb. 20, 2020, 3:44 p.m. UTC | #1 
On Thu, Feb 20, 2020 at 03:32:34PM +0000, Richard Haines wrote:
> Add Q_XQUOTAOFF, Q_XQUOTAON and Q_XSETQLIM to trigger filesystem quotamod
> permission check.
> 
> Add Q_XGETQUOTA, Q_XGETQSTAT, Q_XGETQSTATV and Q_XGETNEXTQUOTA to trigger
> filesystem quotaget permission check.
> 
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>

Looks good,

Reviewed-by: Christoph Hellwig <hch@lst.de>
Paul Moore Feb. 22, 2020, 7:47 p.m. UTC | #2 
On Thu, Feb 20, 2020 at 10:32 AM Richard Haines
<richard_c_haines@btinternet.com> wrote:
>
> Add Q_XQUOTAOFF, Q_XQUOTAON and Q_XSETQLIM to trigger filesystem quotamod
> permission check.
>
> Add Q_XGETQUOTA, Q_XGETQSTAT, Q_XGETQSTATV and Q_XGETNEXTQUOTA to trigger
> filesystem quotaget permission check.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
>  security/selinux/hooks.c | 7 +++++++
>  1 file changed, 7 insertions(+)

Thanks Richard, I've merged this into selinux/next.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 46a8f3e7d..974228313 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2145,11 +2145,18 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
>         case Q_QUOTAOFF:
>         case Q_SETINFO:
>         case Q_SETQUOTA:
> +       case Q_XQUOTAOFF:
> +       case Q_XQUOTAON:
> +       case Q_XSETQLIM:
>                 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
>                 break;
>         case Q_GETFMT:
>         case Q_GETINFO:
>         case Q_GETQUOTA:
> +       case Q_XGETQUOTA:
> +       case Q_XGETQSTAT:
> +       case Q_XGETQSTATV:
> +       case Q_XGETNEXTQUOTA:
>                 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
>                 break;
>         default:
> --
> 2.24.1
diff mbox series

Patch

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 46a8f3e7d..974228313 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2145,11 +2145,18 @@  static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
 	case Q_QUOTAOFF:
 	case Q_SETINFO:
 	case Q_SETQUOTA:
+	case Q_XQUOTAOFF:
+	case Q_XQUOTAON:
+	case Q_XSETQLIM:
 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
 		break;
 	case Q_GETFMT:
 	case Q_GETINFO:
 	case Q_GETQUOTA:
+	case Q_XGETQUOTA:
+	case Q_XGETQSTAT:
+	case Q_XGETQSTATV:
+	case Q_XGETNEXTQUOTA:
 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
 		break;
 	default: