OpenAFS Master Repository branch, master, updated. BP-openafs-stable-1_8_x-526-gcd3221d

Gerrit Code Review gerrit@openafs.org
Thu, 27 Feb 2020 22:35:59 -0500


The following commit has been merged in the master branch:
commit cd3221d3532a28111ad22d4090ec913cbbff40da
Author: Jeffrey Hutzelman <jhutz@cmu.edu>
Date:   Thu May 2 16:02:47 2019 -0400

    Linux: use override_creds when available
    
    Linux may perform some access control checks at the time of an I/O
    operation, rather than relying solely on checks done when the file is
    opened. In some cases (e.g. AppArmor), these checks are done based on
    the current tasks's creds at the time of the I/O operation, not those
    used when the file was open.
    
    Because of this, we must use override_creds() / revert_creds() to make
    sure we are using privileged credentials when performing I/O operations
    on cache files. Otherwise, cache I/O operations done in the context of
    a task with a restrictive AppArmor profile will fail.
    
    Change-Id: Icbe60874c348d6cd92b0a186d426918b0db9b0f9
    Reviewed-on: https://gerrit.openafs.org/13751
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Andrew Deason <adeason@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

 src/afs/LINUX/osi_file.c    |   34 ++++++++++++++++++++++++++++++++++
 src/cf/linux-kernel-func.m4 |    3 +++
 2 files changed, 37 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository