diff options
author | Andy Whitcroft <apw@canonical.com> | 2012-05-01 16:17:52 +0100 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-08-15 23:46:04 -0600 |
commit | 4ede59b484f15ae79726c164a956756c5c4f642f (patch) | |
tree | d314000d429f88560e7cb67e945fce591587985e | |
parent | 5cb6f52b2dca446e67013c8e0f972061d8b5b9da (diff) |
ovl: switch to __inode_permission()
When checking permissions on an overlayfs inode we do not take into
account either device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and by pass those permissions to open otherwise restricted
files.
Switch over to __inode_permissions.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
-rw-r--r-- | fs/overlayfs/inode.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index e8547201fb3..f3a534fbb31 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -100,19 +100,9 @@ int ovl_permission(struct inode *inode, int mask) if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) goto out_dput; - - /* - * Nobody gets write access to an immutable file. - */ - err = -EACCES; - if (IS_IMMUTABLE(realinode)) - goto out_dput; } - if (realinode->i_op->permission) - err = realinode->i_op->permission(realinode, mask); - else - err = generic_permission(realinode, mask); + err = __inode_permission(realinode, mask); out_dput: dput(alias); return err; |