It seems that the readv(2)/writev(2) syscalls do not call the
file_permission callback. Looks like this is an oversight.
I have filed the issue in Red Hat Bugzilla as
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433
and got the recommendation to post this on the LSM mailing list.
The following trivial patch solves the problem.
Signed-off-by: Kostik Belousov <kostikbel@gmail.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
}
ret = rw_verify_area(type, file, pos, tot_len);
+ if (ret)
+ goto out;
+ ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
if (ret)
goto out;
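Review bot: the added security_file_permission() call picks its mask with `type == READ ? MAY_READ : MAY_WRITE`, so any type value other than READ is checked as a write; that is only correct if this path is reached with READ or WRITE and nothing else, and a one-line comment above the call stating that assumption would make it reviewable. The hook also runs only after rw_verify_area() has succeeded, so a failure there returns before the LSM is consulted; if that ordering is intentional, it is worth saying so in the commit message, which currently only describes the missing callback.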