diff options
| author | James Morris <james.l.morris@oracle.com> | 2016-09-19 12:27:10 +1000 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2016-09-19 12:27:10 +1000 |
| commit | de2f4b3453d29934ceb41eccebd55ab087e17d6c (patch) | |
| tree | c8f363bd1ddddc5bc382e624d47c507ee956d19d /fs/overlayfs/copy_up.c | |
| parent | e350e24694e447e6ab7312fffae5ca31a0bb5165 (diff) | |
| parent | 9b6a9ecc2d88ccdc57efc22d69436b9dd7e2eceb (diff) | |
| download | linux-de2f4b3453d29934ceb41eccebd55ab087e17d6c.tar.gz linux-de2f4b3453d29934ceb41eccebd55ab087e17d6c.tar.xz | |
Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
Diffstat (limited to 'fs/overlayfs/copy_up.c')
| -rw-r--r-- | fs/overlayfs/copy_up.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 54e5d6681786..cd65f12b3464 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -103,6 +103,13 @@ retry: goto retry; } + error = security_inode_copy_up_xattr(name); + if (error < 0 && error != -EOPNOTSUPP) + break; + if (error == 1) { + error = 0; + continue; /* Discard */ + } error = vfs_setxattr(new, name, value, size, 0); if (error) break; @@ -246,6 +253,8 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, struct dentry *upper = NULL; umode_t mode = stat->mode; int err; + const struct cred *old_creds = NULL; + struct cred *new_creds = NULL; newdentry = ovl_lookup_temp(workdir, dentry); err = PTR_ERR(newdentry); @@ -258,10 +267,23 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, if (IS_ERR(upper)) goto out1; + err = security_inode_copy_up(dentry, &new_creds); + if (err < 0) + goto out2; + + if (new_creds) + old_creds = override_creds(new_creds); + /* Can't properly set mode on creation because of the umask */ stat->mode &= S_IFMT; err = ovl_create_real(wdir, newdentry, stat, link, NULL, true); stat->mode = mode; + + if (new_creds) { + revert_creds(old_creds); + put_cred(new_creds); + } + if (err) goto out2; |