summaryrefslogtreecommitdiff
path: root/fs/ecryptfs/file.c
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2008-07-23 21:30:02 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-24 10:47:30 -0700
commit746f1e558bc52b9693c1a1ecdab60f8392e5ff18 (patch)
treea3253428affed93967c3ec67ba27ce8fe7d333c2 /fs/ecryptfs/file.c
parent0293902a4d66fab27d0ddcc0766e05dae68f004e (diff)
downloadlwn-746f1e558bc52b9693c1a1ecdab60f8392e5ff18.tar.gz
lwn-746f1e558bc52b9693c1a1ecdab60f8392e5ff18.zip
eCryptfs: Privileged kthread for lower file opens
eCryptfs would really like to have read-write access to all files in the lower filesystem. Right now, the persistent lower file may be opened read-only if the attempt to open it read-write fails. One way to keep from having to do that is to have a privileged kthread that can open the lower persistent file on behalf of the user opening the eCryptfs file; this patch implements this functionality. This patch will properly allow a less-privileged user to open the eCryptfs file, followed by a more-privileged user opening the eCryptfs file, with the first user only being able to read and the second user being able to both read and write. eCryptfs currently does this wrong; it will wind up calling vfs_write() on a file that was opened read-only. This is fixed in this patch. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Cc: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/file.c')
-rw-r--r--fs/ecryptfs/file.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 24749bf0668f..f0be29051528 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -192,6 +192,13 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
+ if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
+ && !(file->f_flags & O_RDONLY)) {
+ rc = -EPERM;
+ printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
+ "file must hence be opened RO\n", __func__);
+ goto out;
+ }
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {