On Fri, 10 Mar 2017, Stephen Smalley wrote: > generic_permission() presently checks CAP_DAC_OVERRIDE prior to > CAP_DAC_READ_SEARCH. This can cause misleading audit messages when > using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE > may not be required for the operation. Flip the order of the > tests so that CAP_DAC_OVERRIDE is only checked when required for > the operation. > > Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org>
