diff mbox series

[v5,5/5] ceph: prevent snapshots to be created in encrypted locked directories

Message ID 20220418135957.12056-6-lhenriques@suse.de (mailing list archive)
State New, archived
Headers show
Series ceph: add support for snapshot names encryption | expand

Commit Message

Luís Henriques April 18, 2022, 1:59 p.m. UTC
With snapshot names encryption we can not allow snapshots to be created in
locked directories because the names wouldn't be encrypted.  This patch
forces the directory to be unlocked to allow a snapshot to be created.

Signed-off-by: Luís Henriques <lhenriques@suse.de>
---
 fs/ceph/dir.c | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index f48f1ff20927..44b7114ca267 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1071,6 +1071,11 @@  static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
 		err = -EDQUOT;
 		goto out;
 	}
+	if ((op == CEPH_MDS_OP_MKSNAP) && IS_ENCRYPTED(dir) &&
+	    !fscrypt_has_encryption_key(dir)) {
+		err = -ENOKEY;
+		goto out;
+	}
 
 
 	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);