diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 12:38:01 +0100 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 18:16:47 +0100 |
commit | 1429b3eca23818f87f9fa569a15d9816de81f698 (patch) | |
tree | 3100f009ec8863ee4692ee197b8e0c16c11258e6 /fs | |
parent | Untangling ima mess, part 2: deal with counters (diff) | |
download | linux-1429b3eca23818f87f9fa569a15d9816de81f698.tar.xz linux-1429b3eca23818f87f9fa569a15d9816de81f698.zip |
Untangling ima mess, part 3: kill dead code in ima
Kill the 'update' argument of ima_path_check(), kill
dead code in ima.
Current rules: ima counters are bumped at the same time
when the file switches from put_filp() fodder to fput()
one. Which happens exactly in two places - alloc_file()
and __dentry_open(). Nothing else needs to do that at
all.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namei.c | 4 | ||||
-rw-r--r-- | fs/nfsd/vfs.c | 3 |
2 files changed, 3 insertions, 4 deletions
diff --git a/fs/namei.c b/fs/namei.c index c530e5d32f12..a765e7a741f4 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1686,7 +1686,7 @@ do_last: path_put(&nd.root); if (!IS_ERR(filp)) { error = ima_path_check(&filp->f_path, filp->f_mode & - (MAY_READ | MAY_WRITE | MAY_EXEC), 0); + (MAY_READ | MAY_WRITE | MAY_EXEC)); if (error) { fput(filp); filp = ERR_PTR(error); @@ -1747,7 +1747,7 @@ ok: filp = nameidata_to_filp(&nd, open_flag); if (!IS_ERR(filp)) { error = ima_path_check(&filp->f_path, filp->f_mode & - (MAY_READ | MAY_WRITE | MAY_EXEC), 0); + (MAY_READ | MAY_WRITE | MAY_EXEC)); if (error) { fput(filp); filp = ERR_PTR(error); diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index c9942b39654e..936f08400db6 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -2122,8 +2122,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, */ path.mnt = exp->ex_path.mnt; path.dentry = dentry; - err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC), - IMA_COUNT_LEAVE); + err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC)); nfsd_out: return err? nfserrno(err) : 0; } |