o bugfix
The security enhancement (or possible bugfix) made on 20071022 has a
bug. Ulrich Holeschak reported that his reiser4 + initrd environment
cannot boot. Additionally his simple chroot(8) failed too.
I gave up calling open_exec() but introduced a new kernel patch,
deny_write_access.patch and a configuration for it.
Also, I noticed that exporting aufs via NFS requires care with
chroot(8) too. So I added a note about this.
Junjiro Okajima
----------------------------------------------------------------------
Index: Kconfig.in
Index: README
Index: local.mk
Index: fs/aufs/sysaufs.c
Index: fs/aufs/dentry.c
Index: fs/aufs/file.c
Index: fs/aufs/file.h
Index: fs/aufs/finfo.c
Index: fs/aufs/i_op.c
- bugfix: introduce a new patch deny_write_access.patch and configuration
  CONFIG_AUFS_DENY_WRITE_ACCESS_PATCH, reported and tested by Ulrich
  Holeschak.
  + leave atomic open and let the lower filesystem handle it even if
    FMODE_EXEC was specified, and make it deny write access later.
  + keep the dirty trick to handle FMODE_EXEC in aufs.
  + refine the trick to handle FMODE_EXEC by checking inode and its
    mode, but still it is dirty.
  + call {deny,allow}_write_access() when aufs is linked statically or
    CONFIG_AUFS_DENY_WRITE_ACCESS_PATCH is enabled.
Index: util/aufs.in.5
- add a note about exporting aufs via NFS.
Index: include/linux/aufs_type.h
- less important change.