From: John Johansen Date: Tue, 8 May 2007 07:29:44 +0000 (-0700) Subject: Remove redundant check from proc_sys_setattr() X-Git-Tag: v2.6.22-rc1~660 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d0633cfedde484d30eef869f749c04709ab3e42;p=linux-2.6 Remove redundant check from proc_sys_setattr() notify_change() already calls security_inode_setattr() before calling iop->setattr. Alan sayeth This is a behaviour change on all of these and limits some behaviour of existing established security modules When inode_change_ok is called it has side effects. This includes clearing the SGID bit on attribute changes caused by chmod. If you make this change the results of some rulesets may be different before or after the change is made. I'm not saying the change is wrong but it does change behaviour so that needs looking at closely (ditto all other attribute twiddles) Signed-off-by: Steve Beattie Signed-off-by: Andreas Gruenbacher Signed-off-by: John Johansen Acked-by: Stephen Smalley Cc: James Morris Cc: Chris Wright Cc: Alan Cox Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 20e8cbb343..680c429bfa 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -429,11 +429,8 @@ static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr) return -EPERM; error = inode_change_ok(inode, attr); - if (!error) { - error = security_inode_setattr(dentry, attr); - if (!error) - error = inode_setattr(inode, attr); - } + if (!error) + error = inode_setattr(inode, attr); return error; }