The following commit has been merged in the master branch:
commit cd3221d3532a28111ad22d4090ec913cbbff40da
Author: Jeffrey Hutzelman <[email protected]>
Date: Thu May 2 16:02:47 2019 -0400
Linux: use override_creds when available
Linux may perform some access control checks at the time of an I/O
operation, rather than relying solely on checks done when the file is
opened. In some cases (e.g. AppArmor), these checks are done based on
the current tasks's creds at the time of the I/O operation, not those
used when the file was open.
Because of this, we must use override_creds() / revert_creds() to make
sure we are using privileged credentials when performing I/O operations
on cache files. Otherwise, cache I/O operations done in the context of
a task with a restrictive AppArmor profile will fail.
Change-Id: Icbe60874c348d6cd92b0a186d426918b0db9b0f9
Reviewed-on: https://gerrit.openafs.org/13751
Tested-by: BuildBot <[email protected]>
Reviewed-by: Andrew Deason <[email protected]>
Reviewed-by: Benjamin Kaduk <[email protected]>
src/afs/LINUX/osi_file.c | 34 ++++++++++++++++++++++++++++++++++
src/cf/linux-kernel-func.m4 | 3 +++
2 files changed, 37 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
