| Message ID | 1482186016-107643-2-git-send-email-ebiggers3@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Mon, Dec 19, 2016 at 02:20:13PM -0800, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > Attempting to link a device node, named pipe, or socket file into an > encrypted directory through rename(2) or link(2) always failed with > EPERM. This happened because fscrypt_has_permitted_context() saw that > the file was unencrypted and forbid creating the link. This behavior > was unexpected because such files are never encrypted; only regular > files, directories, and symlinks can be encrypted. > > To fix this, make fscrypt_has_permitted_context() always return true on > special files. > > This will be covered by a test in my encryption xfstests patchset. > > Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support") > Signed-off-by: Eric Biggers <ebiggers@google.com> > Reviewed-by: Richard Weinberger <richard@nod.at> > Cc: stable@vger.kernel.org Thanks, applied. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 5de0633..2e50cbc 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -198,6 +198,11 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) if (!cops->is_encrypted(parent)) return 1; + /* No restrictions on file types which are never encrypted */ + if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && + !S_ISLNK(child->i_mode)) + return 1; + /* Encrypted directories must not contain unencrypted files */ if (!cops->is_encrypted(child)) return 0;