diff options
author | Łukasz Stelmach <l.stelmach@samsung.com> | 2014-12-16 16:53:08 +0100 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2015-01-19 09:58:02 -0800 |
commit | 1d8c2326a4a2a4d942f9165b5702fe6f869ccf48 (patch) | |
tree | 73feff9476c237bb3bb5df51f7529217fa2768ab /security/smack | |
parent | 68390ccf8b0a3470032f053d50379cfd49fbe952 (diff) | |
download | linux-1d8c2326a4a2a4d942f9165b5702fe6f869ccf48.tar.gz linux-1d8c2326a4a2a4d942f9165b5702fe6f869ccf48.tar.bz2 linux-1d8c2326a4a2a4d942f9165b5702fe6f869ccf48.zip |
smack: introduce a special case for tmpfs in smack_d_instantiate()
Files created with __shmem_file_stup() appear to have somewhat fake
dentries which make them look like root directories and not get
the label the current process or ("*") star meant for tmpfs files.
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack_lsm.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 048d92e81a34..2160e88a2e4e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3036,7 +3036,8 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) * of the superblock. */ if (opt_dentry->d_parent == opt_dentry) { - if (sbp->s_magic == CGROUP_SUPER_MAGIC) { + switch (sbp->s_magic) { + case CGROUP_SUPER_MAGIC: /* * The cgroup filesystem is never mounted, * so there's no opportunity to set the mount @@ -3044,8 +3045,19 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) */ sbsp->smk_root = &smack_known_star; sbsp->smk_default = &smack_known_star; + isp->smk_inode = sbsp->smk_root; + break; + case TMPFS_MAGIC: + /* + * What about shmem/tmpfs anonymous files with dentry + * obtained from d_alloc_pseudo()? + */ + isp->smk_inode = smk_of_current(); + break; + default: + isp->smk_inode = sbsp->smk_root; + break; } - isp->smk_inode = sbsp->smk_root; isp->smk_flags |= SMK_INODE_INSTANT; goto unlockandout; } |