Take ima_path_check() in nfsd past dentry_open() in nfsd_open()
authorAl Viro <viro@zeniv.linux.org.uk>
Tue, 26 Jan 2010 10:43:08 +0000 (05:43 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Sun, 7 Feb 2010 08:06:22 +0000 (03:06 -0500)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/nfsd/vfs.c

index c194793b642b8f5e35175ac52fed9c104606d274..325959e264ce9a0fecb40a3930cc1728b7b5fac9 100644 (file)
@@ -752,6 +752,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
                            flags, current_cred());
        if (IS_ERR(*filp))
                host_err = PTR_ERR(*filp);
+       host_err = ima_path_check(&(*filp)->f_path,
+                                 access & (MAY_READ | MAY_WRITE | MAY_EXEC));
 out_nfserr:
        err = nfserrno(host_err);
 out:
@@ -2127,7 +2129,6 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
         */
        path.mnt = exp->ex_path.mnt;
        path.dentry = dentry;
-       err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC));
 nfsd_out:
        return err? nfserrno(err) : 0;
 }