diff options
author | Stephen Rothwell <sfr@canb.auug.org.au> | 2017-04-18 13:40:01 +1000 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2017-04-18 13:40:01 +1000 |
commit | 28311e73eec3a189f6a58119dfaf82f1823fec5e (patch) | |
tree | a5fd061a8c132b45d69554f0c9a837a24adb78d2 /fs | |
parent | 7a53a9beee85aadfc18d84445ac98f5bad158693 (diff) | |
parent | cae303df3f379f04ce7efadb2e30de460918b302 (diff) |
Merge remote-tracking branch 'selinux/next'
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namei.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/fs/namei.c b/fs/namei.c index 19dcf62133cc..9a7f8bd748d8 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -340,22 +340,14 @@ int generic_permission(struct inode *inode, int mask) if (S_ISDIR(inode->i_mode)) { /* DACs are overridable for directories */ - if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) - return 0; if (!(mask & MAY_WRITE)) if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) return 0; - return -EACCES; - } - /* - * Read/write DACs are always overridable. - * Executable DACs are overridable when there is - * at least one exec bit set. - */ - if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; + return -EACCES; + } /* * Searching includes executable on directories, else just read. @@ -364,6 +356,14 @@ int generic_permission(struct inode *inode, int mask) if (mask == MAY_READ) if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) return 0; + /* + * Read/write DACs are always overridable. + * Executable DACs are overridable when there is + * at least one exec bit set. + */ + if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; return -EACCES; } |