diff options
author | John Johansen <jjohansen@suse.de> | 2007-05-08 00:29:44 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-05-08 11:15:10 -0700 |
commit | 9d0633cfedde484d30eef869f749c04709ab3e42 (patch) | |
tree | c234f06a36ba6344489597f0084a616948a419c2 /fs/proc | |
parent | 1e8123fdeda6b2b9e96f2ec56e7bed27a303d3eb (diff) | |
download | linux-3.10-9d0633cfedde484d30eef869f749c04709ab3e42.tar.gz linux-3.10-9d0633cfedde484d30eef869f749c04709ab3e42.tar.bz2 linux-3.10-9d0633cfedde484d30eef869f749c04709ab3e42.zip |
Remove redundant check from proc_sys_setattr()
notify_change() already calls security_inode_setattr() before
calling iop->setattr.
Alan sayeth
This is a behaviour change on all of these and limits some behaviour of
existing established security modules
When inode_change_ok is called it has side effects. This includes
clearing the SGID bit on attribute changes caused by chmod. If you make
this change the results of some rulesets may be different before or after
the change is made.
I'm not saying the change is wrong but it does change behaviour so that
needs looking at closely (ditto all other attribute twiddles)
Signed-off-by: Steve Beattie <sbeattie@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: John Johansen <jjohansen@suse.de>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/proc_sysctl.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 20e8cbb3436..680c429bfa2 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -429,11 +429,8 @@ static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr) return -EPERM; error = inode_change_ok(inode, attr); - if (!error) { - error = security_inode_setattr(dentry, attr); - if (!error) - error = inode_setattr(inode, attr); - } + if (!error) + error = inode_setattr(inode, attr); return error; } |