[PATCH v1 1/1] fs: Fix use of incorrect flags with splice() on pipe from/to memfd
Jan Polensky
japo at linux.ibm.com
Fri Jul 11 14:01:13 UTC 2025
On Thu, Jul 10, 2025 at 01:34:12PM +0200, Christian Brauner wrote:
> On Tue, Jul 08, 2025 at 05:43:52PM +0200, Jan Polensky wrote:
> > Fix use of incorrect flags when using splice() with pipe ends and
[skip]
> > + }
>
> That hides secret memory inodes from LSMs which is the exact opposite of
> what the original commit was there to fix. I'm pretty sure that the
> EACCES comes from the LSM layer because the relevant refpolicy or
> however that works hasn't been updated to allow secret memory files to
> use splice().
>
> This is a chicken-and-egg problem withy anything that strips S_PRIVATE
> from things that were previously S_PRIVATE.
Yes, agree. I've already send a fix to LTP.
Thank you for your reply.
More information about the Linux-security-module-archive
mailing list