Message ID | 1481829584-50218-2-git-send-email-ebiggers3@gmail.com (mailing list archive) |
---|---|
State | New, archived |
On 15.12.2016 20:19, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Attempting to link a device node, named pipe, or socket file into an
> encrypted directory through rename(2) or link(2) always failed with
> EPERM. This happened because fscrypt_permitted_context() saw that the
> file was unencrypted and forbid creating the link. This behavior was
> unexpected because such files are never encrypted; only regular files,
> directories, and symlinks can be encrypted.
>
> To fix this, make fscrypt_has_permitted_context() always return true on
> special files.
>
> This will be covered by a test in my encryption xfstests patchset.
>
> Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support")
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Richard Weinberger <richard@nod.at>

Thanks,
//richard

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 5de0633..2e50cbc 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -198,6 +198,11 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) if (!cops->is_encrypted(parent)) return 1; + /* No restrictions on file types which are never encrypted */ + if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && + !S_ISLNK(child->i_mode)) + return 1; + /* Encrypted directories must not contain unencrypted files */ if (!cops->is_encrypted(child)) return 0;
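
Review bot: The comment left in place directly below the new early return in fscrypt_has_permitted_context(), "Encrypted directories must not contain unencrypted files", no longer describes the behaviour, since a child that is not a regular file, directory or symlink now returns 1 before cops->is_encrypted(child) is consulted. Consider narrowing that comment to say it applies to regular files, directories and symlinks. The negated three-way test on child->i_mode (!S_ISREG && !S_ISDIR && !S_ISLNK) would also be easier to audit as a small named helper, so that the set of file types which can be encrypted is spelled out positively rather than by exclusion.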