OpenAFS Master Repository branch, master, updated. BP-openafs-stable-1_8_x-526-gcd3221d
Gerrit Code Review
gerrit@openafs.org
Thu, 27 Feb 2020 22:35:59 -0500
The following commit has been merged in the master branch:
commit cd3221d3532a28111ad22d4090ec913cbbff40da
Author: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Thu May 2 16:02:47 2019 -0400
Linux: use override_creds when available
Linux may perform some access control checks at the time of an I/O
operation, rather than relying solely on checks done when the file is
opened. In some cases (e.g. AppArmor), these checks are done based on
the current tasks's creds at the time of the I/O operation, not those
used when the file was open.
Because of this, we must use override_creds() / revert_creds() to make
sure we are using privileged credentials when performing I/O operations
on cache files. Otherwise, cache I/O operations done in the context of
a task with a restrictive AppArmor profile will fail.
Change-Id: Icbe60874c348d6cd92b0a186d426918b0db9b0f9
Reviewed-on: https://gerrit.openafs.org/13751
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
src/afs/LINUX/osi_file.c | 34 ++++++++++++++++++++++++++++++++++
src/cf/linux-kernel-func.m4 | 3 +++
2 files changed, 37 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository