Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
for July 17: early crash on x86-64)

SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Stephen Smalley authored and Al Viro committed Aug 1, 2008
1 parent 94ad374 commit f418b00
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/namei.c
Expand Up @@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
return retval;

return security_inode_permission(inode,
mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
}

/**
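Review bot: The filter in the `security_inode_permission()` call is still an open-coded list of flags with no comment, so nothing at the call site records why `MAY_APPEND` must reach the hook while the remaining mask bits are stripped. Consider a short comment above the return (or a named mask macro) stating that the security module distinguishes append from write, so that any later change to the MAY_* flags revisits this filter. Because every module behind this hook now sees `MAY_APPEND` in the mask, it is also worth confirming that none of them rejects an unexpected bit or compares the mask for equality.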