Bug 323111 - GFS1: security_eo_get() uses permission() when it should use security_inode_getxattr()
GFS1: security_eo_get() uses permission() when it should use security_inode_g...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gfs-kmod (Show other bugs)
5.0
All Linux
high Severity high
: rc
: ---
Assigned To: Ryan O'Hara
GFS Bugs
:
Depends On: 307431
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-08 10:03 EDT by Steve Whitehouse
Modified: 2010-01-11 22:27 EST (History)
5 users (show)

See Also:
Fixed In Version: RHBA-2008-0348
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 11:37:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Robert Peterson 2007-10-10 10:29:35 EDT
Reassigning to Ryan Ohara because he now has bug #307431 and this is
really the same issue.
Comment 2 Ryan O'Hara 2007-12-04 14:33:08 EST
Fixed.

Removed calls to permission() from xattr ops. The permission() checks are
handled in the VFS layer, so there is no need for gfs to repeat this step.

Also note that checking permission() is incorrect for SELinux xattrs. The
correct permission check is done via the security_inode_getxattr(), etc. calls,
which are also done in the VFS layer.
Comment 3 Nate Straz 2007-12-19 15:03:47 EST
Planning on removing GFS-kernel.  Moving all bugs to gfs-kmod.
Comment 6 errata-xmlrpc 2008-05-21 11:37:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0348.html

Note You need to log in before you can comment on or make changes to this bug.