Commit f418b006 authored by Stephen Smalley's avatar Stephen Smalley Committed by Al Viro

Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree

for July 17: early crash on x86-64)

SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 94ad374a
...@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask) ...@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
return retval; return retval;
return security_inode_permission(inode, return security_inode_permission(inode,
mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment