security: have cap_dentry_init_security return error

Message ID 1394041657-7114-1-git-send-email-jlayton@redhat.com (mailing list archive)
State New, archived

Commit Message

Jeff Layton March 5, 2014, 5:47 p.m. UTC
Currently, cap_dentry_init_security returns 0 without actually
initializing the security label. This confuses its only caller
(nfs4_label_init_security) which expects an error in that situation, and
causes it to end up sending out junk onto the wire instead of simply
suppressing the label in the attributes sent.

When CONFIG_SECURITY is disabled, security_dentry_init_security returns
-EOPNOTSUPP. Have cap_dentry_init_security do the same.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 security/capability.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
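
The failure mode described in the commit message, as an added user-space example that is not part of the patch or of kernel code: a hook stub that returns 0 without writing its outputs makes the caller trust stale memory, while an error return makes it suppress the label. All names here are hypothetical, and the 0xA5 fill is a constructed stand-in for stale stack contents.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct label { void *data; uint32_t len; };            /* hypothetical */
typedef int (*init_hook_t)(void **ctx, uint32_t *ctxlen);

/* Pre-patch behaviour: reports success but never writes its outputs. */
static int stub_returns_zero(void **ctx, uint32_t *ctxlen)
{
	(void)ctx; (void)ctxlen;
	return 0;
}

/* Post-patch behaviour: the error tells the caller nothing was set. */
static int stub_returns_eopnotsupp(void **ctx, uint32_t *ctxlen)
{
	(void)ctx; (void)ctxlen;
	return -EOPNOTSUPP;
}

/* Caller contract from the commit message: use the label only on 0. */
static struct label *label_init(struct label *l, init_hook_t hook)
{
	if (hook(&l->data, &l->len) == 0)
		return l;       /* caller now trusts l->data and l->len */
	return NULL;            /* label attribute is suppressed */
}

/* Number of label bytes the caller would try to put on the wire. */
static uint32_t bytes_to_encode(init_hook_t hook)
{
	struct label l;
	struct label *res;

	memset(&l, 0xA5, sizeof(l));   /* constructed "stale stack" contents */
	res = label_init(&l, hook);
	return res ? res->len : 0;
}

int main(void)
{
	printf("stub returning 0:           %#x bytes\n",
	       (unsigned)bytes_to_encode(stub_returns_zero));
	printf("stub returning -EOPNOTSUPP: %#x bytes\n",
	       (unsigned)bytes_to_encode(stub_returns_eopnotsupp));
	return 0;
}
```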

Comments

Serge E. Hallyn March 6, 2014, 3:30 p.m. UTC | #1
Quoting Jeff Layton (jlayton@redhat.com):
> Currently, cap_dentry_init_security returns 0 without actually
> initializing the security label. This confuses its only caller
> (nfs4_label_init_security) which expects an error in that situation, and
> causes it to end up sending out junk onto the wire instead of simply
> suppressing the label in the attributes sent.
> 
> When CONFIG_SECURITY is disabled, security_dentry_init_security returns
> -EOPNOTSUPP. Have cap_dentry_init_security do the same.
> 
> Signed-off-by: Jeff Layton <jlayton@redhat.com>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> ---
>  security/capability.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/capability.c b/security/capability.c
> index 8b4f24ae4338..9323bbeba296 100644
> --- a/security/capability.c
> +++ b/security/capability.c
> @@ -116,7 +116,7 @@ static int cap_dentry_init_security(struct dentry *dentry, int mode,
>  					struct qstr *name, void **ctx,
>  					u32 *ctxlen)
>  {
> -	return 0;
> +	return -EOPNOTSUPP;
>  }
>  
>  static int cap_inode_alloc_security(struct inode *inode)
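Review bot: at `return -EOPNOTSUPP;` the stub still leaves `*ctx` and `*ctxlen` unwritten, so correctness depends on every caller checking the return value before touching them. Consider setting `*ctx = NULL` and `*ctxlen = 0` ahead of the return, so a caller that ignores the error sees an empty label rather than whatever was already in its buffer.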
> -- 
> 1.8.5.3
> 
James Morris March 7, 2014, 12:42 a.m. UTC | #2
On Wed, 5 Mar 2014, Jeff Layton wrote:

> Currently, cap_dentry_init_security returns 0 without actually
> initializing the security label. This confuses its only caller
> (nfs4_label_init_security) which expects an error in that situation, and
> causes it to end up sending out junk onto the wire instead of simply
> suppressing the label in the attributes sent.
> 
> When CONFIG_SECURITY is disabled, security_dentry_init_security returns
> -EOPNOTSUPP. Have cap_dentry_init_security do the same.
> 
> Signed-off-by: Jeff Layton <jlayton@redhat.com>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Patch

diff --git a/security/capability.c b/security/capability.c
index 8b4f24ae4338..9323bbeba296 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -116,7 +116,7 @@  static int cap_dentry_init_security(struct dentry *dentry, int mode,
 					struct qstr *name, void **ctx,
 					u32 *ctxlen)
 {
-	return 0;
+	return -EOPNOTSUPP;
 }
 
 static int cap_inode_alloc_security(struct inode *inode)
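Review bot: nothing at the changed return in cap_dentry_init_security records why the value has to be an error, although the commit message says it must match what security_dentry_init_security returns when CONFIG_SECURITY is disabled. A one-line comment above the return stating that callers treat 0 as "label initialized" would help keep the two stubs from drifting apart again.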