diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2015-10-21 17:44:25 -0400 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2015-10-21 17:44:25 -0400 |
| commit | 44d37ad3602b3823764eeb0f6c1ee3ef6c4fb936 (patch) | |
| tree | da06d34a35dc0364f8bec0276abcf796ffeeb81c /security/selinux/include/security.h | |
| parent | 2a35d196c160e352fa56eabb7952f78f4c85f577 (diff) | |
selinux: do not check open perm on ftruncate call
Use the ATTR_FILE attribute to distinguish between truncate()
and ftruncate() system calls. The two other cases where
do_truncate is called with a filp (and therefore ATTR_FILE is set)
are for coredump files and for open(O_TRUNC). In both of those cases
the open permission has already been checked during file open and
therefore does not need to be repeated.
Commit 95dbf739313f ("SELinux: check OPEN on truncate calls")
fixed a major issue where domains were allowed to truncate files
without the open permission. However, it introduced a new bug where
a domain with the write permission can no longer ftruncate files
without the open permission, even when they receive an already open
file.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/include/security.h')
0 files changed, 0 insertions, 0 deletions