| Message ID | 1468421095-22322-9-git-send-email-vgoyal@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Jul 13, 2016 at 4:44 PM, Vivek Goyal <vgoyal@redhat.com> wrote: > Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from > mask as lower/ will never be written and file will be copied up. But this > is not true for special files. These files are not copied up and are > opened in place. So don't dilute the checks for these types of files. Pushed this one as well. Miklos > > Reported-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com> > --- > fs/overlayfs/inode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c > index 66f42f5..6d9d86e 100644 > --- a/fs/overlayfs/inode.c > +++ b/fs/overlayfs/inode.c > @@ -140,7 +140,7 @@ int ovl_permission(struct inode *inode, int mask) > return err; > > old_cred = ovl_override_creds(inode->i_sb); > - if (!is_upper) > + if (!is_upper && !special_file(realinode->i_mode)) > mask &= ~(MAY_WRITE | MAY_APPEND); > err = inode_permission(realinode, mask); > revert_creds(old_cred); > -- > 2.7.4 > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 66f42f5..6d9d86e 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -140,7 +140,7 @@ int ovl_permission(struct inode *inode, int mask) return err; old_cred = ovl_override_creds(inode->i_sb); - if (!is_upper) + if (!is_upper && !special_file(realinode->i_mode)) mask &= ~(MAY_WRITE | MAY_APPEND); err = inode_permission(realinode, mask); revert_creds(old_cred);
Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from mask as lower/ will never be written and file will be copied up. But this is not true for special files. These files are not copied up and are opened in place. So don't dilute the checks for these types of files. Reported-by: Dan Walsh <dwalsh@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- fs/overlayfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)