linux_dsm_epyc7002/security/smack
Rafal Krypa 805b65a80b Smack: fix d_instantiate logic for sockfs and pipefs
Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.

In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.

Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2017-01-10 09:47:20 -08:00
..
Kconfig Smack: Signal delivery as an append operation 2016-09-08 13:22:56 -07:00
Makefile Smack: Repair netfilter dependency 2015-01-23 10:08:19 -08:00
smack_access.c Smack: Remove unnecessary smack_known_invalid 2016-11-15 09:34:39 -08:00
smack_lsm.c Smack: fix d_instantiate logic for sockfs and pipefs 2017-01-10 09:47:20 -08:00
smack_netfilter.c security: Use IS_ENABLED() instead of checking for built-in or module 2016-08-08 13:08:25 -04:00
smack.h SMACK: Free the i_security blob in inode using RCU 2017-01-10 09:47:20 -08:00
smackfs.c SMACK: Add new lock for adding entry in smack master list 2017-01-10 09:47:20 -08:00