Re: [PATCH 2/7] Overlayfs: Use copy-up security hooks
From: Paul Moore
Date: Fri Nov 07 2014 - 16:39:31 EST
On Wednesday, November 05, 2014 03:42:38 PM David Howells wrote:
> Use the copy-up security hooks previously provided to allow an LSM to adjust
> the security on a newly created copy and to filter the xattrs copied to
> that file copy.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> ---
>
> fs/overlayfs/copy_up.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index ea10a8719107..53a357d0a214 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -58,6 +58,14 @@ int ovl_copy_xattr(struct dentry *old, struct dentry
> *new) error = size;
> goto out_free_value;
> }
> + error = security_inode_copy_up_xattr(old, new,
> + name, value, &size);
So the LSM must modify the xattr in place? I suppose that since the @value is
allocated to the max size it shouldn't be a problem. Just checking ...
> + if (error < 0)
> + goto out_free_value;
> + if (error == 1) {
> + error = 0;
> + continue; /* Discard */
> + }
> error = vfs_setxattr(new, name, value, size, 0);
> if (error)
> goto out_free_value;
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/