> Please find attached the Oops output, together with the ksymoops
> information.

It turns out that nfsd_open in 2.4 directly sets up the struct file rather than using init_private_file, unlike nfsd_open in 2.5. Hence, our changes to init_private_file don't solve the problem in the current 2.4 version. Attached is a quick fix to allocate a file security structure if one has not already been allocated when file_permission is called. The preferred solution would be to back port the 2.5 changes to use init_private_file in nfsd_open so that the file security structure will be allocated during setup.

--
Stephen Smalley, NSA
sdsat_private

diff -X /home/sds/dontdiff -ru lsm-2.4-bk/security/selinux/hooks.c lsm-2.4/security/selinux/hooks.c --- lsm-2.4-bk/security/selinux/hooks.c Wed Dec 4 09:31:07 2002 +++ lsm-2.4/security/selinux/hooks.c Wed Dec 18 09:09:09 2002 @@ -2032,6 +2037,8 @@ /* No permission to check. Existence test. */ return 0; } + + inode_doinit(inode); return inode_has_perm(current, inode, file_mask_to_av(inode->i_mode, mask), NULL, NULL); @@ -2104,6 +2111,13 @@ if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) mask |= MAY_APPEND; + if (!file->f_security) { + int rc; + rc = file_alloc_security(file); + if (rc) + return rc; + } + return file_has_perm(current, file, file_mask_to_av(inode->i_mode, mask)); }
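
Review bot: in the first hunk (@@ -2032,6 +2037,8 @@), the new inode_doinit(inode) call ahead of inode_has_perm() is not mentioned in the accompanying message, which describes only allocating the file security structure in file_permission. Please add a comment or changelog line saying why the inode permission path needs it. The call is also made unconditionally and its result is not used, unlike the guarded `if (!file->f_security)` allocation in the second hunk; if inode_doinit can fail, or is not cheap when the inode is already initialized, guard it and handle the failure. Separately, this first hunk already starts five lines later in the new file (2032 versus 2037), so earlier changes to hooks.c appear to be missing from the posted diff.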
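
Review bot: in the second hunk (@@ -2104,6 +2111,13 @@), the `if (!file->f_security)` test and the file_alloc_security(file) call are not covered by any lock in the lines shown, so two tasks reaching this hook on the same struct file could both see NULL and both allocate, leaking one structure. Either document why that cannot happen on this path or serialize the check and the allocation. The hook also now returns the allocator's rc, so an allocation failure surfaces to the caller as a failed permission check; a comment saying so, and saying that the block is a stopgap until nfsd_open in 2.4 uses init_private_file, would make it clear that it should be removed after the backport. Minor style: `int rc; rc = file_alloc_security(file);` can be a single declaration with an initializer.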