[PATCH v2 03/10] ovl: check privs before decoding file handle

Miklos Szeredi miklos at szeredi.hu
Wed Dec 9 16:20:43 UTC 2020


On Wed, Dec 9, 2020 at 11:13 AM Miklos Szeredi <miklos at szeredi.hu> wrote:

> Hard link indexing should work without fh decoding, since it is only
> encoding the file handle to search for the index entry, and encoding
> is not privileged.

Tested this a bit and while hard link indexing does work,  inode
lookup is broken since it uses the origin inode as a key (which is not
available) instead of using the origin value directly.  This is
fixable, but needs a fair amount of restructuring, so let's just
postpone this and disable index for now, as you suggested.

Thanks,
Miklos



More information about the Linux-security-module-archive mailing list