From: Stephen Smalley Date: Mon, 28 Jul 2008 17:32:38 +0000 (-0400) Subject: Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree X-Git-Tag: Ubuntu-5.2.0-15.16~33755^2~11 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=f418b006079ce537daf9436215f1d2a47e451602;p=mirror_ubuntu-eoan-kernel.git Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree for July 17: early crash on x86-64) SELinux needs MAY_APPEND to be passed down to the security hook. Otherwise, we get permission denials when only append permission is granted by policy even if the opening process specified O_APPEND. Shows up as a regression in the ltp selinux testsuite, fixed by this patch. Signed-off-by: Stephen Smalley Signed-off-by: Al Viro --- diff --git a/fs/namei.c b/fs/namei.c index a7b0a0b80128..b91e9732b24a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask) return retval; return security_inode_permission(inode, - mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); + mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND)); } /**
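Review bot: In inode_permission(), the mask handed to security_inode_permission() is an open-coded flag list with no comment saying why only these bits are forwarded, which is how MAY_APPEND came to be dropped and an O_APPEND open was denied under an append-only policy. Consider adding a short comment above the call, or a named mask constant in place of `(MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND)`, so that the next flag a security module depends on is not silently filtered out at this call site. Separately, the subject line is carried over from the mail thread ("Re: BUG at security/selinux/avc.c:883 ..."). A subject that names the change itself, for example that MAY_APPEND is now passed to the security hook, would make the commit easier to find in the log.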