git.michaelhowe.org Git - packages/o/openafs.git/commit

author	Marc Dionne <marc.c.dionne@gmail.com>
	Wed, 28 Oct 2009 21:54:32 +0000 (17:54 -0400)
committer	Russ Allbery <rra\|account-1000002@unknown>
	Wed, 4 Nov 2009 03:38:58 +0000 (19:38 -0800)
commit	a410b7fd45dde17d545b36b1f5e50d664f65e8c3
tree	866b6d8da5e9d80b85395f7bf6b6d36fc0be6800	tree \| snapshot
parent	58a01f81c6abc1c673fe50486b839d0b27da2b4d	commit \| diff

Linux - Fix disk cache access for selinux/AppArmor constrained processes

Preserve the credentials used for cache initialisation and use then
whenever disk cache files are opened. This takes advantage of the
credentials separation work from David Howells available in kernels
2.6.29 and above.
Access to cache files was done under the security context of the
user process, causing processes constrained by selinux or AppArmor to
fail to access AFS cache files and causing the cache manager to panic.

Besides the RT tickets, should also fix the following Ubuntu bugs:
415766 429260 457779 459299

FIXES 92944,125544

Change-Id: Ief8acd65c1a3e4d8c951f80bfd65f8340b8cec34
Reviewed-on: http://gerrit.openafs.org/752
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-on: http://gerrit.openafs.org/774

src/afs/LINUX/osi_file.c		diff \| blob \| history
src/afs/afs_init.c		diff \| blob \| history