2010-02-15 23:07:56

by Chuck Ebbert

Subject: [PATCH] vfs: don't call ima_file_check() unconditionally in nfsd_open()

From: Chuck Ebbert <[email protected]>

vfs: don't call ima_file_check() unconditionally in nfsd_open()

commit 1e41568d7378d1ba8c64ba137b9ddd00b59f893a ("Take ima_path_check()
in nfsd past dentry_open() in nfsd_open()") moved this code back to its
original location but missed the "else".

Signed-off-by: Chuck Ebbert <[email protected]>

--- linux-2.6.32.noarch.orig/fs/nfsd/vfs.c
+++ linux-2.6.32.noarch/fs/nfsd/vfs.c
@@ -752,7 +752,8 @@ nfsd_open(struct svc_rqst *rqstp, struct
flags, current_cred());
if (IS_ERR(*filp))
host_err = PTR_ERR(*filp);
- host_err = ima_file_check(*filp, access);
+ else
+ host_err = ima_file_check(*filp, access);
out_nfserr:
err = nfserrno(host_err);
out:
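Review bot: the changelog says the "else" was missed but not what goes wrong without it. At the removed line, ima_file_check(*filp, access) ran even when IS_ERR(*filp) was true, so it was handed an error-encoded pointer and its return value overwrote the PTR_ERR(*filp) result stored just above. Suggest adding a sentence to the commit message saying so, which makes the impact clear to anyone deciding whether to backport the fix.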


2010-02-16 14:33:47

by Mimi Zohar

Subject: Re: [PATCH] vfs: don't call ima_file_check() unconditionally in nfsd_open()

On Mon, 2010-02-15 at 18:07 -0500, Chuck Ebbert wrote:
> From: Chuck Ebbert <[email protected]>
>
> vfs: don't call ima_file_check() unconditionally in nfsd_open()
>
> commit 1e41568d7378d1ba8c64ba137b9ddd00b59f893a ("Take ima_path_check()
> in nfsd past dentry_open() in nfsd_open()") moved this code back to its
> original location but missed the "else".
>
> Signed-off-by: Chuck Ebbert <[email protected]>

Thanks for catching it.

Signed-off-by: Mimi Zohar <[email protected]>

> --- linux-2.6.32.noarch.orig/fs/nfsd/vfs.c
> +++ linux-2.6.32.noarch/fs/nfsd/vfs.c
> @@ -752,7 +752,8 @@ nfsd_open(struct svc_rqst *rqstp, struct
> flags, current_cred());
> if (IS_ERR(*filp))
> host_err = PTR_ERR(*filp);
> - host_err = ima_file_check(*filp, access);
> + else
> + host_err = ima_file_check(*filp, access);
> out_nfserr:
> err = nfserrno(host_err);
> out:
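Review bot: on the new else branch, a non-zero return from ima_file_check(*filp, access) falls straight through to out_nfserr with *filp still holding the file that was just opened, and nothing in the visible lines releases it. Worth checking whether callers drop *filp when nfsd_open() returns an error; if they do not, this branch should call fput(*filp) before continuing to out_nfserr.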