Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 2a4c2242 authored by Stephen Smalley's avatar Stephen Smalley Committed by Paul Moore
Browse files

fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks 



generic_permission() presently checks CAP_DAC_OVERRIDE prior to
CAP_DAC_READ_SEARCH.  This can cause misleading audit messages when
using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE
may not be required for the operation.  Flip the order of the
tests so that CAP_DAC_OVERRIDE is only checked when required for
the operation.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
Reviewed-by: default avatarSerge Hallyn <serge@hallyn.com>
Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 710a0647
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment