SECURITY: Move exec_permission RCU checks into security modules

Right now all RCU walks fall back to reference walk when CONFIG_SECURITY is enabled, even though just the standard capability module is active. This is because security_inode_exec_permission unconditionally fails RCU walks. Move this decision to the low level security module. This requires passing the RCU flags down the security hook. This way at least the capability module and a few easy cases in selinux/smack work with RCU walks with CONFIG_SECURITY=y Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Andi Kleen <ak@linux.intel.com> 2011-04-21 17:23:19 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2011-04-22 16:17:29 -0700
commit: 8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a (patch)
tree: 7595dd217545593675d40f85cfb11d69697a8300 /security/capability.c
parent: 8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/capability.c b/security/capability.c
index 2984ea4f776..bbb51156261 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry,
 	return 0;
 }
 
-static int cap_inode_permission(struct inode *inode, int mask)
+static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)
 {
 	return 0;
 }
author	Andi Kleen <ak@linux.intel.com>	2011-04-21 17:23:19 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-04-22 16:17:29 -0700
commit	8c9e80ed276fc4b9c9fadf29d8bf6b3576112f1a (patch)
tree	7595dd217545593675d40f85cfb11d69697a8300 /security/capability.c
parent	8d082f8f3fb89e8a1fcb5120ad98cd9860c8a3e8 (diff)