Bug 323111
| Summary: | GFS1: security_eo_get() uses permission() when it should use security_inode_getxattr() | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Steve Whitehouse <swhiteho> |
| Component: | gfs-kmod | Assignee: | Ryan O'Hara <rohara> |
| Status: | CLOSED ERRATA | QA Contact: | GFS Bugs <gfs-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.0 | CC: | dwalsh, mnielsen, rkenna, rohara, rpeterso |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | RHBA-2008-0348 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-05-21 15:37:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 307431 | ||
| Bug Blocks: | |||
|
Comment 1
Robert Peterson
2007-10-10 14:29:35 UTC
Fixed. Removed calls to permission() from xattr ops. The permission() checks are handled in the VFS layer, so there is no need for gfs to repeat this step. Also note that checking permission() is incorrect for SELinux xattrs. The correct permission check is done via the security_inode_getxattr(), etc. calls, which are also done in the VFS layer. Planning on removing GFS-kernel. Moving all bugs to gfs-kmod. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0348.html |