From patchwork Thu Aug 20 18:19:58 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Grünbacher
X-Patchwork-Id: 7046511
From: Andreas Gruenbacher
To: Alexander Viro, Christoph Hellwig, Eric Paris, "Aneesh Kumar K.V", linux-fsdevel@vger.kernel.org, David Quigley, "J. Bruce Fields"
Cc: linux-security-module@vger.kernel.org, cluster-devel@redhat.com
Subject: [RFC 11/11] gfs2: Invalidate security labels of inodes that go invalid
Date: Thu, 20 Aug 2015 20:19:58 +0200
Message-Id: <1440094798-1411-12-git-send-email-agruenba@redhat.com>
In-Reply-To: <1440094798-1411-1-git-send-email-agruenba@redhat.com>
References: <1440094798-1411-1-git-send-email-agruenba@redhat.com>

Invalidate security labels of inodes when they go invalid. SELinux will reload the "security.selinux" xattr via iop->igetxattr on the next access.

Signed-off-by: Andreas Gruenbacher
--- fs/gfs2/glops.c | 2 ++ fs/gfs2/inode.c | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c index fa3fa5e..29be6d3 100644 --- a/fs/gfs2/glops.c +++ b/fs/gfs2/glops.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "gfs2.h" #include "incore.h" 
@@ -260,6 +261,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags) if (ip) { set_bit(GIF_INVALID, &ip->i_flags); forget_all_cached_acls(&ip->i_inode); + security_inode_invalidate_secctx(&ip->i_inode); gfs2_dir_hash_inval(ip); } } diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 063fdfc..3474976 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c @@ -2011,28 +2011,33 @@ static int gfs2_setxattr(struct dentry *dentry, const char *name, return ret; } -static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name, +static ssize_t gfs2_igetxattr(struct inode *inode, const char *name, void *data, size_t size) { - struct inode *inode = d_inode(dentry); struct gfs2_inode *ip = GFS2_I(inode); struct gfs2_holder gh; int ret; /* For selinux during lookup */ if (gfs2_glock_is_locked_by_me(ip->i_gl)) - return generic_getxattr(dentry, name, data, size); + return generic_igetxattr(inode, name, data, size); gfs2_holder_init(ip->i_gl, LM_ST_SHARED, LM_FLAG_ANY, &gh); ret = gfs2_glock_nq(&gh); if (ret == 0) { - ret = generic_getxattr(dentry, name, data, size); + ret = generic_igetxattr(inode, name, data, size); gfs2_glock_dq(&gh); } gfs2_holder_uninit(&gh); return ret; } +static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name, + void *data, size_t size) +{ + return gfs2_igetxattr(d_inode(dentry), name, data, size); +} + static int gfs2_removexattr(struct dentry *dentry, const char *name) { struct inode *inode = d_inode(dentry); @@ -2099,6 +2104,7 @@ const struct inode_operations gfs2_file_iops = { .setattr = gfs2_setattr, .getattr = gfs2_getattr, .setxattr = gfs2_setxattr, + .igetxattr = gfs2_igetxattr, .getxattr = gfs2_getxattr, .listxattr = gfs2_listxattr, .removexattr = gfs2_removexattr, 
@@ -2121,6 +2127,7 @@ const struct inode_operations gfs2_dir_iops = { .setattr = gfs2_setattr, .getattr = gfs2_getattr, .setxattr = gfs2_setxattr, + .igetxattr = gfs2_igetxattr, .getxattr = gfs2_getxattr, .listxattr = gfs2_listxattr, .removexattr = gfs2_removexattr, @@ -2138,6 +2145,7 @@ const struct inode_operations gfs2_symlink_iops = { .setattr = gfs2_setattr, .getattr = gfs2_getattr, .setxattr = gfs2_setxattr, + .igetxattr = gfs2_igetxattr, .getxattr = gfs2_getxattr, .listxattr = gfs2_listxattr, .removexattr = gfs2_removexattr,
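Review bot: In the inode_go_inval() hunk of fs/gfs2/glops.c, the new security_inode_invalidate_secctx(&ip->i_inode) call carries no comment saying how the label is repopulated, while the commit message relies on SELinux calling iop->igetxattr on the next access. A one-line comment pointing at gfs2_igetxattr would make that dependency visible at the call site. The changelog should also state that the call is safe in this context, i.e. that it only marks the label stale and does not itself read the xattr or take the glock that is being invalidated.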
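Review bot: In gfs2_igetxattr() (fs/gfs2/inode.c, hunk at -2011), the comment "For selinux during lookup" no longer describes every caller of the gfs2_glock_is_locked_by_me() shortcut, because this function is now also the path used to reload the label after inode_go_inval(). Please update the comment to say which callers may arrive with the glock already held, and that all others take it with LM_ST_SHARED and LM_FLAG_ANY. Separately, ret is declared int but holds the result of generic_igetxattr() and is returned from a function typed ssize_t; declaring it ssize_t would match the return type.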
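Review bot: Nothing in the patch says what happens once a label has been invalidated for an inode whose operations table has no .igetxattr; the iops hunks in fs/gfs2/inode.c set it for gfs2_file_iops, gfs2_dir_iops and gfs2_symlink_iops only. Please confirm in the changelog that these three tables cover every inode that inode_go_inval() can reach, or describe what the security layer falls back to when the op is absent.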