git.baikalelectronics.ru Git - kernel.git/commit

author	Andreas Gruenbacher <agruenba@redhat.com>
	Sun, 13 Nov 2016 20:23:34 +0000 (21:23 +0100)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Thu, 17 Nov 2016 05:00:23 +0000 (00:00 -0500)
commit	c337826d7b94d46c4a53ea35f9ad5091ca004aa1
tree	5116875c49182649c9230d0fee6e9b53c58abf3e	tree \| snapshot
parent	301a806b3f88bebc48a3e97f149a6fb39f1d6e94	commit \| diff

xattr: Fix setting security xattrs on sockfs

The IOP_XATTR flag is set on sockfs because sockfs supports getting the
"system.sockprotoname" xattr.  Since commit 3971ff78, this flag is checked for
setxattr support as well.  This is wrong on sockfs because security xattr
support there is supposed to be provided by security_inode_setsecurity.  The
smack security module relies on socket labels (xattrs).

Fix this by adding a security xattr handler on sockfs that returns
-EAGAIN, and by checking for -EAGAIN in setxattr.

We cannot simply check for -EOPNOTSUPP in setxattr because there are
filesystems that neither have direct security xattr support nor support
via security_inode_setsecurity.  A more proper fix might be to move the
call to security_inode_setsecurity into sockfs, but it's not clear to me
if that is safe: we would end up calling security_inode_post_setxattr after
that as well.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

fs/xattr.c		diff \| blob \| history
net/socket.c		diff \| blob \| history