/* CacheFiles security management * * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public Licence * as published by the Free Software Foundation; either version * 2 of the Licence, or (at your option) any later version. */ #include #include #include "internal.h" /* * determine the security context within which we access the cache from within * the kernel */ int cachefiles_get_security_ID(struct cachefiles_cache *cache) { struct cred *new; int ret; _enter("{%s}", cache->secctx); new = prepare_kernel_cred(current); if (!new) { ret = -ENOMEM; goto error; } if (cache->secctx) { ret = set_security_override_from_ctx(new, cache->secctx); if (ret < 0) { put_cred(new); pr_err("Security denies permission to nominate security context: error %d\n", ret); goto error; } } cache->cache_cred = new; ret = 0; error: _leave(" = %d", ret); return ret; } /* * see if mkdir and create can be performed in the root directory */ static int cachefiles_check_cache_dir(struct cachefiles_cache *cache, struct dentry *root) { int ret; ret = security_inode_mkdir(d_backing_inode(root), root, 0); if (ret < 0) { pr_err("Security denies permission to make dirs: error %d", ret); return ret; } ret = security_inode_create(d_backing_inode(root), root, 0); if (ret < 0) pr_err("Security denies permission to create files: error %d", ret); return ret; } /* * check the security details of the on-disk cache * - must be called with security override in force * - must return with a security override in force - even in the case of an * error */ int cachefiles_determine_cache_security(struct cachefiles_cache *cache, struct dentry *root, const struct cred **_saved_cred) { struct cred *new; int ret; _enter(""); /* duplicate the cache creds for COW (the override is currently in * force, so we can use prepare_creds() to do this) */ new = prepare_creds(); if (!new) return -ENOMEM; cachefiles_end_secure(cache, *_saved_cred); /* use the cache root dir's security context as the basis with * which create files */ ret = set_create_files_as(new, d_backing_inode(root)); if (ret < 0) { abort_creds(new); cachefiles_begin_secure(cache, _saved_cred); _leave(" = %d [cfa]", ret); return ret; } put_cred(cache->cache_cred); cache->cache_cred = new; cachefiles_begin_secure(cache, _saved_cred); ret = cachefiles_check_cache_dir(cache, root); if (ret == -EOPNOTSUPP) ret = 0; _leave(" = %d", ret); return ret; } linux/net-next.git/commit/net?id=883af14e67e8b8702b5560aa64c888c0cd0bd66c'>net/9p/client.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-01-24 16:54:39 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-24 16:54:39 -0800
commit883af14e67e8b8702b5560aa64c888c0cd0bd66c (patch)
tree74e3a6b53f5fad9f7848ab1b9f6921b7012940a4 /net/9p/client.c
parent0263d4ebd94b36280608e296cba39b924b6e832b (diff)
parentaab45453ff5c77200c6da4ac909f7a4392aed17e (diff)
Merge branch 'akpm' (patches from Andrew)
Merge fixes from Andrew Morton: "26 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (26 commits) MAINTAINERS: add Dan Streetman to zbud maintainers MAINTAINERS: add Dan Streetman to zswap maintainers mm: do not export ioremap_page_range symbol for external module mn10300: fix build error of missing fpu_save() romfs: use different way to generate fsid for BLOCK or MTD frv: add missing atomic64 operations mm, page_alloc: fix premature OOM when racing with cpuset mems update mm, page_alloc: move cpuset seqcount checking to slowpath mm, page_alloc: fix fast-path race with cpuset update or removal mm, page_alloc: fix check for NULL preferred_zone kernel/panic.c: add missing \n fbdev: color map copying bounds checking frv: add atomic64_add_unless() mm/mempolicy.c: do not put mempolicy before using its nodemask radix-tree: fix private list warnings Documentation/filesystems/proc.txt: add VmPin mm, memcg: do not retry precharge charges proc: add a schedule point in proc_pid_readdir() mm: alloc_contig: re-allow CMA to compact FS pages mm/slub.c: trace free objects at KERN_INFO ...
Diffstat (limited to 'net/9p/client.c')