selinux: Stop looking up dentries from inodes
SELinux sometimes needs to load the security label of an inode without
knowing which dentry belongs to that inode (for example, in the
inode_permission hook). The security label is stored in an xattr;
getxattr currently requires both the dentry and the inode.
So far, SELinux has been using d_find_alias to find any dentry for the
inode; there is no guarantee that d_find_alias finds a suitable dentry
on all types of filesystems, though.
This patch changes SELinux calls getxattr with a NULL dentry when the
dentry is unknown. On filesystems that require a dentry, getxattr fails
with -ECHILD; on all others, it succeeds.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
Changes from version 1:
* Pull in "ovl: xattr filter fix" fix from Miklos.
* generic_getxattr: Fix when dentry is NULL (inode->i_sb instead of
dentry->d_sb).
* inode_doinit_with_dentry: Remove unnecessary calls to dget/dput.
8 files changed