Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Kernel Team (http://www.linux-archive.org/ubuntu-kernel-team/)
-   -   Fix aufs calling of security_path_mknod (http://www.linux-archive.org/ubuntu-kernel-team/493718-fix-aufs-calling-security_path_mknod.html)

John Johansen 02-24-2011 04:40 PM
Fix aufs calling of security_path_mknod
 
Fix aufs calling of security_path_mknod

BugLink: http://launchpad.net/bugs/724456

The security_path_mknod hook requires an encoded 'dev' for its 'dev' paramet
but aufs is calling security_path_mknod with a 'dev' that was already
converted by 'new_decode_dev(dev)'. However security_path_mknod and its
consumer TOMOYO is expecting 'dev' rather than 'new_decode_dev(dev)'.

This will result in TOMOYO doing new_decode_dev(new_decode_dev(dev))
(which is wrong) when security_path_mknod() is called from aufs' vfsub_mknod

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/ubuntu/aufs/vfsub.c b/ubuntu/aufs/vfsub.c
index 6ce2fd5..40f6aef 100644
--- a/ubuntu/aufs/vfsub.c
+++ b/ubuntu/aufs/vfsub.c
@@ -276,7 +276,7 @@ int vfsub_mknod(struct inode *dir, struct path *path, int mo

d = path->dentry;
path->dentry = d->d_parent;
- err = security_path_mknod(path, d, mode, dev);
+ err = security_path_mknod(path, d, mode, new_encode_dev(dev));
path->dentry = d;
if (unlikely(err))
goto out;

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Andy Whitcroft 02-28-2011 10:55 AM
Fix aufs calling of security_path_mknod
 
Applied to Natty.

John, is this specific to Ubuntu because we have Tomoyo or should it be
going up to aufs upstream?

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

John Johansen 03-01-2011 05:14 AM
Fix aufs calling of security_path_mknod
 
On 02/28/2011 03:55 AM, Andy Whitcroft wrote:
> Applied to Natty.
>
> John, is this specific to Ubuntu because we have Tomoyo or should it be
> going up to aufs upstream?
>
yes it should be upstreamed, its using the LSM hook incorrectly so its
potentially not just TOMOYO but any project that uses the hook.

I did send to aufs-users mailing, but it was reject, and my attempt
to join the list hasn't received a reply yet.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team


All times are GMT. The time now is 09:03 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.