author: Jan Kara <jack@suse.cz> 2015-05-21 16:05:55 +0200
committer: Al Viro <viro@zeniv.linux.org.uk> 2015-06-24 00:01:09 +0200
commit: 45f147a1bc97c743c6101a8d2741c69a51f583e4
tree: b7919ca80674bc1793b4423957f4d61c8100408d /include
parent: fs: Provide function telling whether file_remove_privs() will do anything
fs: Call security_ops->inode_killpriv on truncate

Comment in include/linux/security.h says that ->inode_killpriv() should be called when setuid bit is being removed and that similar security labels (in fact this applies only to file capabilities) should be removed at this time as well. However we don't call ->inode_killpriv() when we remove suid bit on truncate.

We fix the problem by calling ->inode_need_killpriv() and subsequently ->inode_killpriv() on truncate the same way as we do it on file write.

After this patch there's only one user of should_remove_suid() - ocfs2 - and indeed it's buggy because it doesn't call ->inode_killpriv() on write. However fixing it is difficult because of special locking constraints.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Diffstat (limited to 'include')
-rw-r--r-- include/linux/fs.h 6
1 files changed, 5 insertions, 1 deletions
diff --git a/include/linux/fs.h b/include/linux/fs.h
index ee60e8ab210f..1e658b11c265 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2554,7 +2554,11 @@ extern struct inode *new_inode(struct super_block *sb);
extern void free_inode_nonrcu(struct inode *inode);
extern int should_remove_suid(struct dentry *);
extern int file_remove_privs(struct file *);
-extern int file_needs_remove_privs(struct file *file);
+extern int dentry_needs_remove_privs(struct dentry *dentry);
+static inline int file_needs_remove_privs(struct file *file)
+{
+ return dentry_needs_remove_privs(file->f_path.dentry);
+}
extern void __insert_inode_hash(struct inode *, unsigned long hashval);
static inline void insert_inode_hash(struct inode *inode)
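
Review bot: the new dentry_needs_remove_privs() prototype and the file_needs_remove_privs() inline wrapper in include/linux/fs.h have no comment stating what the int return means (zero, a set of things to strip, or a negative error), so a caller reading the header cannot tell how to test the result; a one-line comment above the declaration giving the return contract would fix that. In the same hunk, should_remove_suid(struct dentry *) stays declared two lines up, and the commit message says its one remaining user (ocfs2) skips ->inode_killpriv(); a short note next to it pointing new callers at dentry_needs_remove_privs() would keep that gap from being copied elsewhere. Minor style point: the neighbouring prototypes omit parameter names while the new declaration names its argument.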