[5/5] Use __vfs_getxattr to get overlayfs xattrs

Message ID	20190211165323.9369-6-iforster@suse.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-integrity-owner@kernel.org> From: Ignaz Forster <iforster@suse.com> To: Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>, linux-unionfs@vger.kernel.org Cc: Fabian Vogt <fvogt@suse.com>, Ignaz Forster <iforster@suse.de>, Fabian Vogt <fvogt@suse.de> Subject: [PATCH 5/5] Use __vfs_getxattr to get overlayfs xattrs Date: Mon, 11 Feb 2019 17:53:23 +0100 Message-Id: <20190211165323.9369-6-iforster@suse.com> In-Reply-To: <20190211165323.9369-1-iforster@suse.com> References: <20190211165323.9369-1-iforster@suse.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk
Series	Fix overlayfs on EVM \| expand [RFC,0/5] Fix overlayfs on EVM [1/5] evm: instead of using the overlayfs i_ino, use the real i_ino [2/5] Rename ima_post_create_tmpfile [3/5] Execute IMA post create hook in vfs_create [4/5] Ignore IMA / EVM xattrs during copy_up [5/5] Use __vfs_getxattr to get overlayfs xattrs

Message ID

20190211165323.9369-6-iforster@suse.com (mailing list archive)

State

New, archived

Headers

From: Ignaz Forster <iforster@suse.com>
To: Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org,
        Miklos Szeredi <miklos@szeredi.hu>,
        linux-unionfs@vger.kernel.org
Cc: Fabian Vogt <fvogt@suse.com>, Ignaz Forster <iforster@suse.de>,
        Fabian Vogt <fvogt@suse.de>
Subject: [PATCH 5/5] Use __vfs_getxattr to get overlayfs xattrs
Date: Mon, 11 Feb 2019 17:53:23 +0100
Message-Id: <20190211165323.9369-6-iforster@suse.com>
In-Reply-To: <20190211165323.9369-1-iforster@suse.com>
References: <20190211165323.9369-1-iforster@suse.com>
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk

Series

Fix overlayfs on EVM | expand

Commit Message

Ignaz Forster Feb. 11, 2019, 4:53 p.m. UTC

From: Ignaz Forster <iforster@suse.de>

In vfs_getxattr a query of "security.selinux" will return
"unlabeled", while in __vfs_getxattr -ENODATA will be returned for
the same query. This causes a difference in the generated EVM hashes
for the file on the underlying file system and overlayfs.

Circumvent this by calling __vfs_getxattr directly.

Co-developed-by: Fabian Vogt <fvogt@suse.de>
Signed-off-by: Fabian Vogt <fvogt@suse.de>
Signed-off-by: Ignaz Forster <iforster@suse.de>
---
 fs/overlayfs/inode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 3b7ed5d2279c..e2c737936576 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -374,7 +374,8 @@  int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
 		ovl_i_dentry_upper(inode) ?: ovl_dentry_lower(dentry);
 
 	old_cred = ovl_override_creds(dentry->d_sb);
-	res = vfs_getxattr(realdentry, name, value, size);
+	res = __vfs_getxattr(realdentry, d_backing_inode(realdentry),
+			name, value, size);
 	revert_creds(old_cred);
 	return res;
 }

[5/5] Use __vfs_getxattr to get overlayfs xattrs

Commit Message

Patch