Commit 1e41568d authored by Al Viro's avatar Al Viro
Browse files

Take ima_path_check() in nfsd past dentry_open() in nfsd_open()


Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 4b06e5b9
...@@ -752,6 +752,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, ...@@ -752,6 +752,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
flags, current_cred()); flags, current_cred());
if (IS_ERR(*filp)) if (IS_ERR(*filp))
host_err = PTR_ERR(*filp); host_err = PTR_ERR(*filp);
host_err = ima_path_check(&(*filp)->f_path,
access & (MAY_READ | MAY_WRITE | MAY_EXEC));
out_nfserr: out_nfserr:
err = nfserrno(host_err); err = nfserrno(host_err);
out: out:
...@@ -2127,7 +2129,6 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, ...@@ -2127,7 +2129,6 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
*/ */
path.mnt = exp->ex_path.mnt; path.mnt = exp->ex_path.mnt;
path.dentry = dentry; path.dentry = dentry;
err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC));
nfsd_out: nfsd_out:
return err? nfserrno(err) : 0; return err? nfserrno(err) : 0;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment