|
@@ -249,9 +249,11 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
|
|
|
|
|
/*
|
|
|
* MAY_EXEC on regular files requires special handling: We override
|
|
|
- * filesystem execute permissions if the mode bits aren't set.
|
|
|
+ * filesystem execute permissions if the mode bits aren't set or
|
|
|
+ * the fs is mounted with the "noexec" flag.
|
|
|
*/
|
|
|
- if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
|
|
|
+ if ((mask & MAY_EXEC) && S_ISREG(mode) && (!(mode & S_IXUGO) ||
|
|
|
+ (nd && nd->mnt && (nd->mnt->mnt_flags & MNT_NOEXEC))))
|
|
|
return -EACCES;
|
|
|
|
|
|
/* Ordinary permission routines do not understand MAY_APPEND. */
|