err.no Git - linux-2.6/commit

author	Miklos Szeredi <miklos@szeredi.hu>
	Wed, 2 Jul 2008 19:12:01 +0000 (21:12 +0200)
committer	Steven Whitehouse <swhiteho@redhat.com>
	Thu, 3 Jul 2008 09:22:01 +0000 (10:22 +0100)
commit	f58ba889106af60f52af792efbe1973e458a2138
tree	f81426c7f611b74dec685cd416d3da8e7fe647d2	tree \| snapshot
parent	f17172e00167238cc5e4f61ac4e78c68e5c558ec	commit \| diff

[GFS2] don't call permission()

GFS2 calls permission() to verify permissions after locks on the files
have been taken.

For this it's sufficient to call gfs2_permission() instead.  This
results in the following changes:

  - IS_RDONLY() check is not performed
  - IS_IMMUTABLE() check is not performed
  - devcgroup_inode_permission() is not called
  - security_inode_permission() is not called

IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations.  do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.

IS_IMMUTABLE has been added to gfs2_permission()

Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>

fs/gfs2/inode.c		diff \| blob \| history
fs/gfs2/inode.h		diff \| blob \| history
fs/gfs2/ops_file.c		diff \| blob \| history
fs/gfs2/ops_inode.c		diff \| blob \| history