[PATCH v2 03/10] ovl: check privs before decoding file handle
Miklos Szeredi
miklos at szeredi.hu
Wed Dec 9 16:20:43 UTC 2020
On Wed, Dec 9, 2020 at 11:13 AM Miklos Szeredi <miklos at szeredi.hu> wrote:
> Hard link indexing should work without fh decoding, since it is only
> encoding the file handle to search for the index entry, and encoding
> is not privileged.
Tested this a bit and while hard link indexing does work, inode
lookup is broken since it uses the origin inode as a key (which is not
available) instead of using the origin value directly. This is
fixable, but needs a fair amount of restructuring, so let's just
postpone this and disable index for now, as you suggested.
Thanks,
Miklos
More information about the Linux-security-module-archive
mailing list