diff options
| author | Andi Kleen <ak@linux.intel.com> | 2011-04-21 17:23:19 -0700 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2011-04-25 10:20:32 -0400 |
| commit | 1c9904297451f558191e211a48d8838b4bf792b0 (patch) | |
| tree | 9c7cabec6ce3d6604147de73953cfaca672f1c0d /include/linux | |
| parent | 6b697323a78bed254ee372f71b1a6a2901bb4b7a (diff) | |
| download | linux-1c9904297451f558191e211a48d8838b4bf792b0.tar.gz linux-1c9904297451f558191e211a48d8838b4bf792b0.tar.bz2 linux-1c9904297451f558191e211a48d8838b4bf792b0.zip | |
SECURITY: Move exec_permission RCU checks into security modules
Right now all RCU walks fall back to reference walk when CONFIG_SECURITY
is enabled, even though just the standard capability module is active.
This is because security_inode_exec_permission unconditionally fails
RCU walks.
Move this decision to the low level security module. This requires
passing the RCU flags down the security hook. This way at least
the capability module and a few easy cases in selinux/smack work
with RCU walks with CONFIG_SECURITY=y
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/security.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 84a202ac3de9..2f99ecd0fb2a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1454,7 +1454,7 @@ struct security_operations { struct inode *new_dir, struct dentry *new_dentry); int (*inode_readlink) (struct dentry *dentry); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); - int (*inode_permission) (struct inode *inode, int mask); + int (*inode_permission) (struct inode *inode, int mask, unsigned flags); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); int (*inode_setxattr) (struct dentry *dentry, const char *name, |