summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorAndi Kleen <ak@linux.intel.com>2011-04-21 17:23:19 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2011-04-22 16:17:29 -0700
commit8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a (patch)
tree7595dd217545593675d40f85cfb11d69697a8300 /security/security.c
parent8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8 (diff)
downloadlwn-8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a.tar.gz
lwn-8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a.zip
SECURITY: Move exec_permission RCU checks into security modules
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/security/security.c b/security/security.c
index 101142369db4..4ba6d4cc061f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -518,16 +518,14 @@ int security_inode_permission(struct inode *inode, int mask)
{
if (unlikely(IS_PRIVATE(inode)))
return 0;
- return security_ops->inode_permission(inode, mask);
+ return security_ops->inode_permission(inode, mask, 0);
}
int security_inode_exec_permission(struct inode *inode, unsigned int flags)
{
if (unlikely(IS_PRIVATE(inode)))
return 0;
- if (flags)
- return -ECHILD;
- return security_ops->inode_permission(inode, MAY_EXEC);
+ return security_ops->inode_permission(inode, MAY_EXEC, flags);
}
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)