Smack: fix d_instantiate logic for sockfs and pipefs
diff mbox

Message ID 20161209130304.20862-1-r.krypa@samsung.com
State New
Headers show

Commit Message

Rafa? Krypa Dec. 9, 2016, 1:03 p.m. UTC
Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.

In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.

Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
---
 security/smack/smack_lsm.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Casey Schaufler Dec. 15, 2016, 11:58 p.m. UTC | #1
On 12/9/2016 5:03 AM, Rafal Krypa wrote:
> Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
> It caused filesystem specific code in smack_d_instantiate to be skipped,
> because all inodes on those pseudo filesystems were treated as root inodes.
> As a result all sockfs inodes had the Smack label set to floor.
>
> In most cases access checks for sockets use socket_smack data so the inode
> label is not important. But there are special cases that were broken.
> One example would be calling fcntl with F_SETOWN command on a socket fd.
>
> Now smack_d_instantiate expects all pipefs and sockfs inodes to be
> disconnected and has the logic in appropriate place.
>
> Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Acked-by: Casey Schaufler <casey@schaufler-ca.com>

I have queued this for my 4.11 tree.

> ---
>  security/smack/smack_lsm.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 4d90257..9d79d2f 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -3438,6 +3438,13 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
>  		case PIPEFS_MAGIC:
>  			isp->smk_inode = smk_of_current();
>  			break;
> +		case SOCKFS_MAGIC:
> +			/*
> +			 * Socket access is controlled by the socket
> +			 * structures associated with the task involved.
> +			 */
> +			isp->smk_inode = &smack_known_star;
> +			break;
>  		default:
>  			isp->smk_inode = sbsp->smk_root;
>  			break;
> @@ -3454,19 +3461,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
>  	 */
>  	switch (sbp->s_magic) {
>  	case SMACK_MAGIC:
> -	case PIPEFS_MAGIC:
> -	case SOCKFS_MAGIC:
>  	case CGROUP_SUPER_MAGIC:
>  		/*
>  		 * Casey says that it's a little embarrassing
>  		 * that the smack file system doesn't do
>  		 * extended attributes.
>  		 *
> -		 * Casey says pipes are easy (?)
> -		 *
> -		 * Socket access is controlled by the socket
> -		 * structures associated with the task involved.
> -		 *
>  		 * Cgroupfs is special
>  		 */
>  		final = &smack_known_star;

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 4d90257..9d79d2f 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3438,6 +3438,13 @@  static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 		case PIPEFS_MAGIC:
 			isp->smk_inode = smk_of_current();
 			break;
+		case SOCKFS_MAGIC:
+			/*
+			 * Socket access is controlled by the socket
+			 * structures associated with the task involved.
+			 */
+			isp->smk_inode = &smack_known_star;
+			break;
 		default:
 			isp->smk_inode = sbsp->smk_root;
 			break;
@@ -3454,19 +3461,12 @@  static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 	 */
 	switch (sbp->s_magic) {
 	case SMACK_MAGIC:
-	case PIPEFS_MAGIC:
-	case SOCKFS_MAGIC:
 	case CGROUP_SUPER_MAGIC:
 		/*
 		 * Casey says that it's a little embarrassing
 		 * that the smack file system doesn't do
 		 * extended attributes.
 		 *
-		 * Casey says pipes are easy (?)
-		 *
-		 * Socket access is controlled by the socket
-		 * structures associated with the task involved.
-		 *
 		 * Cgroupfs is special
 		 */
 		final = &smack_known_star;