mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-02 15:18:19 +00:00
debugfs: lockdown: Allow reading debugfs files that are not world readable
[ Upstream commit358fcf5ddb
] When the kernel is locked down the kernel allows reading only debugfs files with mode 444. Mode 400 is also valid but is not allowed. Make the 444 into a mask. Fixes:5496197f9b
("debugfs: Restrict debugfs when the kernel is locked down") Signed-off-by: Michal Suchanek <msuchanek@suse.de> Link: https://lore.kernel.org/r/20220104170505.10248-1-msuchanek@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
46541f21de
commit
fca92bb20c
1 changed files with 1 additions and 1 deletions
|
@ -146,7 +146,7 @@ static int debugfs_locked_down(struct inode *inode,
|
||||||
struct file *filp,
|
struct file *filp,
|
||||||
const struct file_operations *real_fops)
|
const struct file_operations *real_fops)
|
||||||
{
|
{
|
||||||
if ((inode->i_mode & 07777) == 0444 &&
|
if ((inode->i_mode & 07777 & ~0444) == 0 &&
|
||||||
!(filp->f_mode & FMODE_WRITE) &&
|
!(filp->f_mode & FMODE_WRITE) &&
|
||||||
!real_fops->unlocked_ioctl &&
|
!real_fops->unlocked_ioctl &&
|
||||||
!real_fops->compat_ioctl &&
|
!real_fops->compat_ioctl &&
|
||||||
|
|
Loading…
Reference in a new issue