On Fri, Oct 26, 2007 at 08:32:23AM -0400, Stephen Smalley wrote: > On Thu, 2007-10-25 at 23:40 -0700, [email protected] wrote: > > plain text document attachment (parent-permission.diff) > > Set the LOOKUP_CONTINUE flag when checking parent permissions. This allows > > permission functions to tell between parent and leaf checks. > > > > Signed-off-by: Andreas Gruenbacher <[email protected]> > > Signed-off-by: John Johansen <[email protected]> > > > > --- > > fs/namei.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -1472,6 +1472,10 @@ static int may_delete(struct inode *dir, > > BUG_ON(victim->d_parent->d_inode != dir); > > audit_inode_child(victim->d_name.name, victim, dir); > > > > +#if 0 > > + if (nd) > > + nd->flags |= LOOKUP_CONTINUE; > > +#endif > > #if 0? > Oops, thanks I missed that one. regards john
Attachment:
pgpLCUeKR2fe6.pgp
Description: PGP signature
- References:
- [AppArmor 00/45] AppArmor security module overview
- From: [email protected]
- [AppArmor 35/45] Allow permission functions to tell between parent and leaf checks
- From: [email protected]
- Re: [AppArmor 35/45] Allow permission functions to tell between parent and leaf checks
- From: Stephen Smalley <[email protected]>
- [AppArmor 00/45] AppArmor security module overview
- Prev by Date: Re: [PATCH] x86: Fix boot protocol KEEP_SEGMENTS check.
- Next by Date: Re: Old version of lilo fails to boot 2.6.23
- Previous by thread: Re: [AppArmor 35/45] Allow permission functions to tell between parent and leaf checks
- Next by thread: [AppArmor 36/45] Export audit subsystem for use by modules
- Index(es):
 |