Commit f418b006 authored Jul 28, 2008 by Stephen Smalley Committed by Al Viro Aug 01, 2008

Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree


for July 17: early crash on x86-64)

SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

parent 94ad374a

fs/namei.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
		return retval;

		return security_inode_permission(inode,
		mask & (MAY_READ\|MAY_WRITE\|MAY_EXEC));
		mask & (MAY_READ\|MAY_WRITE\|MAY_EXEC\|MAY_APPEND));
		}

		/**