Commit d09ca73979460b96d5d4684d588b188be9a1f57d
Committed by
James Morris
1 parent
9cfcac810e
Exists in
master
and in
20 other branches
security: make LSMs explicitly mask off permissions
SELinux needs to pass the MAY_ACCESS flag so it can handle auditting correctly. Presently the masking of MAY_* flags is done in the VFS. In order to allow LSMs to decide what flags they care about and what flags they don't just pass them all and the each LSM mask off what they don't need. This patch should contain no functional changes to either the VFS or any LSM. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 5 additions and 2 deletions Side-by-side Diff
fs/namei.c
security/selinux/hooks.c
security/smack/smack_lsm.c