From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 28 Jul 2008 17:32:38 +0000 (-0400)
Subject: Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
X-Git-Tag: v2.6.27-rc2~105^2~11
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f418b006079ce537daf9436215f1d2a47e451602;p=platform%2Fkernel%2Flinux-3.10.git

Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
for July 17: early crash on x86-64)

SELinux needs MAY_APPEND to be passed down to the security hook.
Otherwise, we get permission denials when only append permission is
granted by policy even if the opening process specified O_APPEND.
Shows up as a regression in the ltp selinux testsuite, fixed by
this patch.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/fs/namei.c b/fs/namei.c
index a7b0a0b..b91e973 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -274,7 +274,7 @@ int inode_permission(struct inode *inode, int mask)
 		return retval;
 
 	return security_inode_permission(inode,
-			mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
+			mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
 }
 
 /**