[PATCH] Remove use of nameidata by selinux_inode_permission
From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch removes the use of nameidata by selinux_inode_permission, as this appears to be unsafe in certain cases (e.g. path_walk call from rpc_lookup_parent), leading to an Oops if d_path is subsequently called by avc_audit on the (mnt,dentry) pair to generate a pathname for an audit message. The change does not affect the ability of SELinux to perform its permission check (which only requires the inode), only the set of information that is available for audit messages. We'll investigate better approaches for the SELinux audit generation in the future.