X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=fs%2Fnamei.c;h=4b3e1ca088f2aff3f5dc839f43ef46956d46be70;hb=36f8fda096f12534b35bd2413bd25ed61b9f7eac;hp=656430d6b6e38aa7d13d9e40fbd33b319f13d8a4;hpb=a91482bdcc2e0f6035702e46f1b99043a0893346;p=linux-2.6.git

diff --git a/fs/namei.c b/fs/namei.c
index 656430d6b..4b3e1ca08 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -214,6 +214,20 @@ int vfs_permission(struct inode * inode, int mask)
 	return -EACCES;
 }
 
+static inline int xid_permission(struct inode *inode, int mask, struct nameidata *nd)
+{
+	if (inode->i_xid == 0)
+		return 0;
+	if (vx_check(inode->i_xid, VX_ADMIN|VX_WATCH|VX_IDENT))
+		return 0;
+/*
+	printk("VSW: xid=%d denied access to %p[#%d,%lu] »%*s«.\n",
+		vx_current_xid(), inode, inode->i_xid, inode->i_ino,
+		nd->dentry->d_name.len, nd->dentry->d_name.name);
+*/
+	return -EACCES;
+}
+
 int permission(struct inode * inode,int mask, struct nameidata *nd)
 {
 	int retval;
@@ -227,6 +241,8 @@ int permission(struct inode * inode,int mask, struct nameidata *nd)
 		(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
 		return -EROFS;
 
+	if ((retval = xid_permission(inode, mask, nd)))
+		return retval;
 	if (inode->i_op && inode->i_op->permission)
 		retval = inode->i_op->permission(inode, submask, nd);
 	else