mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	xfs: add selinux labels to whiteout inodes
We got a report that "renameat2() with flags=RENAME_WHITEOUT doesn't apply an SELinux label on xfs" as it does on other filesystems (for example, ext4 and tmpfs.) While I'm not quite sure how labels may interact w/ whiteout files, leaving them as unlabeled seems inconsistent at best. Now that xfs_init_security is not static, rename it to xfs_inode_init_security per dchinner's suggestion. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
This commit is contained in:
		
							parent
							
								
									fddb564f62
								
							
						
					
					
						commit
						70b589a37e
					
				| @ -3032,10 +3032,12 @@ out_trans_abort: | ||||
| static int | ||||
| xfs_rename_alloc_whiteout( | ||||
| 	struct user_namespace	*mnt_userns, | ||||
| 	struct xfs_name		*src_name, | ||||
| 	struct xfs_inode	*dp, | ||||
| 	struct xfs_inode	**wip) | ||||
| { | ||||
| 	struct xfs_inode	*tmpfile; | ||||
| 	struct qstr		name; | ||||
| 	int			error; | ||||
| 
 | ||||
| 	error = xfs_create_tmpfile(mnt_userns, dp, S_IFCHR | WHITEOUT_MODE, | ||||
| @ -3043,6 +3045,15 @@ xfs_rename_alloc_whiteout( | ||||
| 	if (error) | ||||
| 		return error; | ||||
| 
 | ||||
| 	name.name = src_name->name; | ||||
| 	name.len = src_name->len; | ||||
| 	error = xfs_inode_init_security(VFS_I(tmpfile), VFS_I(dp), &name); | ||||
| 	if (error) { | ||||
| 		xfs_finish_inode_setup(tmpfile); | ||||
| 		xfs_irele(tmpfile); | ||||
| 		return error; | ||||
| 	} | ||||
| 
 | ||||
| 	/*
 | ||||
| 	 * Prepare the tmpfile inode as if it were created through the VFS. | ||||
| 	 * Complete the inode setup and flag it as linkable.  nlink is already | ||||
| @ -3093,7 +3104,8 @@ xfs_rename( | ||||
| 	 * appropriately. | ||||
| 	 */ | ||||
| 	if (flags & RENAME_WHITEOUT) { | ||||
| 		error = xfs_rename_alloc_whiteout(mnt_userns, target_dp, &wip); | ||||
| 		error = xfs_rename_alloc_whiteout(mnt_userns, src_name, | ||||
| 						  target_dp, &wip); | ||||
| 		if (error) | ||||
| 			return error; | ||||
| 
 | ||||
|  | ||||
| @ -75,9 +75,8 @@ xfs_initxattrs( | ||||
|  * these attrs can be journalled at inode creation time (along with the | ||||
|  * inode, of course, such that log replay can't cause these to be lost). | ||||
|  */ | ||||
| 
 | ||||
| STATIC int | ||||
| xfs_init_security( | ||||
| int | ||||
| xfs_inode_init_security( | ||||
| 	struct inode	*inode, | ||||
| 	struct inode	*dir, | ||||
| 	const struct qstr *qstr) | ||||
| @ -122,7 +121,7 @@ xfs_cleanup_inode( | ||||
| 
 | ||||
| 	/* Oh, the horror.
 | ||||
| 	 * If we can't add the ACL or we fail in | ||||
| 	 * xfs_init_security we must back out. | ||||
| 	 * xfs_inode_init_security we must back out. | ||||
| 	 * ENOSPC can hit here, among other things. | ||||
| 	 */ | ||||
| 	xfs_dentry_to_name(&teardown, dentry); | ||||
| @ -208,7 +207,7 @@ xfs_generic_create( | ||||
| 
 | ||||
| 	inode = VFS_I(ip); | ||||
| 
 | ||||
| 	error = xfs_init_security(inode, dir, &dentry->d_name); | ||||
| 	error = xfs_inode_init_security(inode, dir, &dentry->d_name); | ||||
| 	if (unlikely(error)) | ||||
| 		goto out_cleanup_inode; | ||||
| 
 | ||||
| @ -424,7 +423,7 @@ xfs_vn_symlink( | ||||
| 
 | ||||
| 	inode = VFS_I(cip); | ||||
| 
 | ||||
| 	error = xfs_init_security(inode, dir, &dentry->d_name); | ||||
| 	error = xfs_inode_init_security(inode, dir, &dentry->d_name); | ||||
| 	if (unlikely(error)) | ||||
| 		goto out_cleanup_inode; | ||||
| 
 | ||||
|  | ||||
| @ -17,4 +17,7 @@ extern void xfs_setattr_time(struct xfs_inode *ip, struct iattr *iattr); | ||||
| int xfs_vn_setattr_size(struct user_namespace *mnt_userns, | ||||
| 		struct dentry *dentry, struct iattr *vap); | ||||
| 
 | ||||
| int xfs_inode_init_security(struct inode *inode, struct inode *dir, | ||||
| 		const struct qstr *qstr); | ||||
| 
 | ||||
| #endif /* __XFS_IOPS_H__ */ | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Eric Sandeen
						Eric Sandeen