diff options
author | Andy Whitcroft <apw@canonical.com> | 2012-05-01 16:17:52 +0100 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-25 15:02:27 -0600 |
commit | 721964d7ebe2759d41a7dfe78b1d6effdb1859a7 (patch) | |
tree | 089afd15a3994015e523123f0a8b40d27525aa97 | |
parent | 0dbf68a3e2f87216e834403eb4ac61d455bf7c50 (diff) |
UBUNTU: ubuntu: overlayfs -- overlayfs: switch to use inode_only_permissions
When checking permissions on an overlayfs inode we do not take into
account either device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and by pass those permissions to open otherwise restricted
files.
Switch over to the newly introduced inode_only_permissions.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
-rw-r--r-- | fs/overlayfs/inode.c | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 86bf66346ad..1a8e232e2c6 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -105,19 +105,9 @@ int ovl_permission(struct inode *inode, int mask) if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) goto out_dput; - - /* - * Nobody gets write access to an immutable file. - */ - err = -EACCES; - if (IS_IMMUTABLE(realinode)) - goto out_dput; } - if (realinode->i_op->permission) - err = realinode->i_op->permission(realinode, mask); - else - err = generic_permission(realinode, mask); + err = inode_only_permission(realinode, mask); out_dput: dput(alias); return err; |