author | Eric W. Biederman <ebiederm@xmission.com> | 2011-06-18 17:48:18 -0700 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-20 04:19:48 -0800 |
commit | bf056bfa80596a5d14b26b17276a56a0dcb080e5 (patch) | |
tree | 116db3255e1b75a92b30b72afe416aa941109e9f /fs/proc/inode.c | |
parent | 33d6dce607573b5fd7a43168e0d91221b3ca532b (diff) | |
proc: Fix the namespace inode permission checks.
Change the proc namespace files into symlinks so that
we won't cache the dentries for the namespace files
which can bypass the ptrace_may_access checks.
To support the symlinks create an additional namespace
inode with its own set of operations distinct from the
proc pid inode and dentry methods as those no longer
make sense.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc/inode.c')
-rw-r--r-- | fs/proc/inode.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 3b22bbd..439ae688 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -31,6 +31,7 @@ static void proc_evict_inode(struct inode *inode)
 struct proc_dir_entry *de;
 struct ctl_table_header *head;
 const struct proc_ns_operations *ns_ops;
+ void *ns;
 
 truncate_inode_pages(&inode->i_data, 0);
 clear_inode(inode);
@@ -49,8 +50,9 @@ static void proc_evict_inode(struct inode *inode)
 }
 /* Release any associated namespace */
 ns_ops = PROC_I(inode)->ns_ops;
- if (ns_ops && ns_ops->put)
- ns_ops->put(PROC_I(inode)->ns);
+ ns = PROC_I(inode)->ns;
+ if (ns_ops && ns)
+ ns_ops->put(ns);
 }
 
 static struct kmem_cache * proc_inode_cachep;
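Review bot: In the second hunk the guard before `ns_ops->put(ns)` no longer tests `ns_ops->put`, so eviction now relies on every `proc_ns_operations` instance supplying a `put` callback; an instance without one would turn this into a NULL function-pointer call in kernel context. Whether all instances define `put` is not visible on this page (the diffstat is limited to fs/proc/inode.c), so either keep the old test alongside the new one, `if (ns_ops && ns_ops->put && ns)`, or state the invariant in the comment, e.g. `/* Release any associated namespace; every proc_ns_operations must provide ->put */`. It would also help to note where the reference dropped here is taken, since a non-NULL `ns` is now the only signal that a reference is held. The middle of proc_evict_inode lies between the two hunks and is not shown.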