Stable backport of de3004c874e7 ("ocfs2: Switch to security_inode_init_security()")
Roberto Sassu
roberto.sassu at huaweicloud.com
Mon May 22 07:55:36 UTC 2023
On Sat, 2023-05-20 at 14:54 +0900, Tetsuo Handa wrote:
> On 2023/05/20 6:51, Paul Moore wrote:
> > Finally, since security_inode_init_security(), unlike
> > security_old_inode_init_security(), returns zero instead of -EOPNOTSUPP if
> > no xattrs were provided by LSMs or if inodes are private, additionally
> > check in ocfs2_init_security_get() if the xattr name is set.
> >
> > If not, act as if security_old_inode_init_security() returned -EOPNOTSUPP,
> > and set si->enable to zero to notify to the functions following
> > ocfs2_init_security_get() that no xattrs are available.
>
> Regarding security_inode_init_security(), a similar problem was found on reiserfs.
>
> https://lkml.kernel.org/r/a800496b-cae9-81bf-c79e-d8342418c5be@I-love.SAKURA.ne.jp
>
> Is it really expected behavior that security_inode_init_security() returns 0 when
> initxattrs is provided but call_int_hook(inode_init_security) returned -EOPNOTSUPP?

It is going to change with this upcoming patch:

https://lore.kernel.org/linux-integrity/20230331123221.3273328-3-roberto.sassu@huaweicloud.com/

There will be only one loop, and error handling would be the same.

Thanks

Roberto
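
Added example, not part of the original message or of the ocfs2 patch: a userspace C model of the caller-side check the quoted commit message describes, where a zero return with no xattr name set is treated as "no xattrs available". All struct and function names are hypothetical, and the "selinux"/"ctx" pair is constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct xattr_info { int enable; const char *name; const char *value; };
typedef int (*initxattrs_fn)(const char *name, const char *value, void *fs_data);

/* Models the return convention discussed in the thread: 0 is returned,
 * and the callback is never invoked, when no LSM supplies an xattr
 * (lsm_name == NULL stands for "no LSM provided one"). */
static int model_init_security(const char *lsm_name, const char *lsm_value,
                               initxattrs_fn cb, void *fs_data)
{
    if (!lsm_name)
        return 0;
    return cb(lsm_name, lsm_value, fs_data);
}

/* Filesystem callback: records the xattr handed over by the LSM layer. */
static int fs_initxattrs(const char *name, const char *value, void *fs_data)
{
    struct xattr_info *si = fs_data;
    si->name = name;
    si->value = value;
    return 0;
}

/* Caller-side check: success alone does not prove an xattr exists, so the
 * name is checked and si->enable cleared when nothing was filled in. */
static int fs_init_security_get(const char *lsm_name, const char *lsm_value,
                                struct xattr_info *si)
{
    int ret;

    si->enable = 1;
    si->name = NULL;
    si->value = NULL;
    ret = model_init_security(lsm_name, lsm_value, fs_initxattrs, si);
    if (!ret && !si->name)
        si->enable = 0;   /* tell later steps there is no xattr to write */
    return ret;
}

int main(void)
{
    struct xattr_info si;
    int ret = fs_init_security_get(NULL, NULL, &si);          /* no LSM xattr */
    printf("no xattr:   ret=%d enable=%d\n", ret, si.enable);
    ret = fs_init_security_get("selinux", "ctx", &si);        /* constructed */
    printf("with xattr: ret=%d enable=%d name=%s\n", ret, si.enable, si.name);
    return 0;
}
```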