| From f57ce065bbc35e2bad3cd3e0550ae8cbea51d4cb Mon Sep 17 00:00:00 2001 |
| From: Roberto Sassu <roberto.sassu@polito.it> |
| Date: Tue, 5 Oct 2010 18:53:45 +0200 |
| Subject: [PATCH] ecryptfs: call vfs_setxattr() in ecryptfs_setxattr() |
| |
| commit 48b512e6857139393cdfce26348c362b87537018 upstream. |
| |
| Ecryptfs is a stackable filesystem which relies on the lower filesystem's |
| ability to set and get extended attributes. |
| |
| If there is a security module enabled on the system it updates the |
| 'security' field of inodes according to the owned extended attribute set |
| with the function vfs_setxattr(). When this function is performed on a |
| ecryptfs filesystem the 'security' field is not updated for the lower |
| filesystem since the call security_inode_post_setxattr() is missing for |
| the lower inode. |
| Further, the call security_inode_setxattr() is missing for the lower inode, |
| leading to policy violations in the security module because specific |
| checks for this hook are not performed (i. e. filesystem |
| 'associate' permission on SELinux is not checked for the lower filesystem). |
| |
| This patch replaces the call of the setxattr() method of the lower inode |
| in the function ecryptfs_setxattr() with vfs_setxattr(). |
| |
| Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> |
| Cc: stable <stable@kernel.org> |
| Cc: Dustin Kirkland <kirkland@canonical.com> |
| Acked-by: James Morris <jmorris@namei.org> |
| Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| fs/ecryptfs/inode.c | 7 +++---- |
| 1 file changed, 3 insertions(+), 4 deletions(-) |
| |
| diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c |
| index b39e46f020a7..168706e90e3f 100644 |
| --- a/fs/ecryptfs/inode.c |
| +++ b/fs/ecryptfs/inode.c |
| @@ -32,6 +32,7 @@ |
| #include <linux/crypto.h> |
| #include <linux/fs_stack.h> |
| #include <linux/slab.h> |
| +#include <linux/xattr.h> |
| #include <asm/unaligned.h> |
| #include "ecryptfs_kernel.h" |
| |
| @@ -1054,10 +1055,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, |
| rc = -EOPNOTSUPP; |
| goto out; |
| } |
| - mutex_lock(&lower_dentry->d_inode->i_mutex); |
| - rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, |
| - size, flags); |
| - mutex_unlock(&lower_dentry->d_inode->i_mutex); |
| + |
| + rc = vfs_setxattr(lower_dentry, name, value, size, flags); |
| out: |
| return rc; |
| } |
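Review bot: The new `vfs_setxattr(lower_dentry, ...)` call has no comment explaining why the explicit `i_mutex` lock/unlock pair was dropped, and a later reader could easily "restore" the locking or the direct `i_op->setxattr` call. I would add a comment above the call such as `/* vfs_setxattr() takes the lower i_mutex itself and runs the LSM setxattr hooks; do not call i_op->setxattr directly */`. Going through the VFS helper also means the lower inode is now subject to the VFS xattr permission check, which is worth stating in the description because it is a behaviour change beyond the two security hooks. The other xattr paths in this file (remove, get, list) are not visible in this hunk; if the remove path still calls the lower inode operation directly, it presumably skips the corresponding security hook in the same way and should be audited alongside this fix. The body of ecryptfs_setxattr() starts outside the hunk, so the `-EOPNOTSUPP` guard is only partly visible here.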
| -- |
| 1.8.5.2 |
| |