Message ID | 20250312212148.274205-6-ryan.lee@canonical.com (mailing list archive) |
---|---|
State | New |
Series | fs, lsm: mediate O_PATH fd creation in file_open hook |
On 3/12/2025 2:21 PM, Ryan Lee wrote: > Now that O_PATH fds are being passed to the file_open hook, > unconditionally skip mediation of them to preserve existing behavior. > > Signed-off-by: Ryan Lee <ryan.lee@canonical.com> > --- > security/smack/smack_lsm.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 2f65eb392bc0..c05e223bfb33 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) > struct smk_audit_info ad; > int rc; > > + /* Preserve the behavior of O_PATH fd creation not being mediated */ In Smack the single line comment is discouraged. Please use + /* + * Preserve the behavior of O_PATH fd creation not being mediated + */ > + if (file->f_flags & O_PATH) > + return 0; > + > smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); > smk_ad_setfield_u_fs_path(&ad, file->f_path); > rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2f65eb392bc0..c05e223bfb33 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) struct smk_audit_info ad; int rc; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
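Review bot: the early return on `file->f_flags & O_PATH` at the top of smack_file_open() comes before smk_ad_init() and the smk_tskacc(..., MAY_READ, ...) call, so every O_PATH open bypasses both the Smack access check and the audit setup, yet the comment only says the behavior is "preserved" without saying what that behavior was or why skipping the check is acceptable. Consider expanding the comment to state that O_PATH opens did not reach this hook before this series and that Smack intentionally applies no check to them here, written in the multi-line comment form requested in the reply.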
Now that O_PATH fds are being passed to the file_open hook,
unconditionally skip mediation of them to preserve existing behavior.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

---
 security/smack/smack_lsm.c | 4 ++++
 1 file changed, 4 insertions(+)