On Tue, Feb 15, 2011 at 02:21, Chris Wright <[email protected]> wrote: > This reintroduces commit 47970b1b which was subsequently reverted > as f00eaeea. The original change was broken and caused X startup > failures and generally made privileged processes incapable of reading > device dependent config space. The normal capable() interface returns > true on success, but the LSM interface returns 0 on success. This thinko > is now fixed in this patch, and has been confirmed to work properly. > > So, once again...Eric Paris noted that commit de139a3 ("pci: check caps > from sysfs file open to read device dependent config space") caused the > capability check to bypass security modules and potentially auditing. > Rectify this by calling security_capable() when checking the open file's > capabilities for config space reads. > > Reported-by: Eric Paris <[email protected]> > Tested-by: Dave Young <[email protected]> > Acked-by: James Morris <[email protected]> > Cc: Dave Airlie <[email protected]> > Cc: Alex Riesen <[email protected]> > Cc: Sedat Dilek <[email protected]> > Cc: Linus Torvalds <[email protected]> > Signed-off-by: Chris Wright <[email protected]>
FWIW, I confirm the fix. _______________________________________________ dri-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/dri-devel
