diff options
| author | Eric Paris <eparis@redhat.com> | 2010-07-23 11:43:51 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-08-02 15:35:06 +1000 |
| commit | 9cfcac810e8993fa7a5bfd24b1a21f1dbbb03a7b (patch) | |
| tree | 86fae80c744e46b15b8eb9aa23fead7e63a64159 /fs/fuse | |
| parent | 692a8a231b212dfc68f612956d63f34abf098e0f (diff) | |
vfs: re-introduce MAY_CHDIR
Currently MAY_ACCESS means that filesystems must check the permissions
right then and not rely on cached results or the results of future
operations on the object. This can be because of a call to sys_access() or
because of a call to chdir() which needs to check search without relying on
any future operations inside that dir. I plan to use MAY_ACCESS for other
purposes in the security system, so I split the MAY_ACCESS and the
MAY_CHDIR cases.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/fuse')
| -rw-r--r-- | fs/fuse/dir.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 3cdc5f78a40..431be0795b6 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask) exist. So if permissions are revoked this won't be noticed immediately, only after the attribute timeout has expired */ - } else if (mask & MAY_ACCESS) { + } else if (mask & (MAY_ACCESS | MAY_CHDIR)) { err = fuse_access(inode, mask); } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { if (!(inode->i_mode & S_IXUGO)) { |