diff options
author | Miklos Szeredi <miklos@szeredi.hu> | 2008-07-02 21:12:01 +0200 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2008-07-03 10:22:01 +0100 |
commit | f58ba889106af60f52af792efbe1973e458a2138 (patch) | |
tree | f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs/gfs2/inode.h | |
parent | f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff) | |
download | lwn-f58ba889106af60f52af792efbe1973e458a2138.tar.gz lwn-f58ba889106af60f52af792efbe1973e458a2138.zip |
[GFS2] don't call permission()
GFS2 calls permission() to verify permissions after locks on the files
have been taken.
For this it's sufficient to call gfs2_permission() instead. This
results in the following changes:
- IS_RDONLY() check is not performed
- IS_IMMUTABLE() check is not performed
- devcgroup_inode_permission() is not called
- security_inode_permission() is not called
IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations. do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.
IS_IMMUTABLE has been added to gfs2_permission()
Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2/inode.h')
-rw-r--r-- | fs/gfs2/inode.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/gfs2/inode.h b/fs/gfs2/inode.h index 580da454b38f..04e9fef3f99a 100644 --- a/fs/gfs2/inode.h +++ b/fs/gfs2/inode.h @@ -91,6 +91,7 @@ int gfs2_rmdiri(struct gfs2_inode *dip, const struct qstr *name, struct gfs2_inode *ip); int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name, const struct gfs2_inode *ip); +int gfs2_permission(struct inode *inode, int mask); int gfs2_ok_to_move(struct gfs2_inode *this, struct gfs2_inode *to); int gfs2_readlinki(struct gfs2_inode *ip, char **buf, unsigned int *len); int gfs2_glock_nq_atime(struct gfs2_holder *gh); |