From patchwork Wed Nov 2 19:34:21 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Gruenbacher X-Patchwork-Id: 9409779 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 53CCA60585 for ; Wed, 2 Nov 2016 19:34:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3CC2A2A53A for ; Wed, 2 Nov 2016 19:34:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2D8542A588; Wed, 2 Nov 2016 19:34:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B8522A53A for ; Wed, 2 Nov 2016 19:34:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755761AbcKBTe0 (ORCPT ); Wed, 2 Nov 2016 15:34:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56066 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754554AbcKBTeZ (ORCPT ); Wed, 2 Nov 2016 15:34:25 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D34FAC04B92A; Wed, 2 Nov 2016 19:34:24 +0000 (UTC) Received: from nux.redhat.com (vpn1-5-13.ams2.redhat.com [10.36.5.13]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id uA2JYLwW025602; Wed, 2 Nov 2016 15:34:22 -0400 From: Andreas Gruenbacher To: Casey Schaufler Cc: Andreas Gruenbacher , Al Viro , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Stephen Smalley Subject: [PATCH] Re: Problem with setxattr on sockfs with Smack after 971df15bd54ad46e907046ff33750a137b2f0096 Date: Wed, 2 Nov 2016 20:34:21 +0100 Message-Id: <1478115261-29669-1-git-send-email-agruenba@redhat.com> References: In-Reply-To: X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 02 Nov 2016 19:34:24 +0000 (UTC) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Casey, does this patch help? (The way how security xattrs are handled by LSM is pretty ugly. I'm not convinced that it doesn't break something else, yet.) Thanks, Andreas --- fs/xattr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/xattr.c b/fs/xattr.c index 3368659..bf09836 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -183,11 +183,13 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, security_inode_post_setxattr(dentry, name, value, size, flags); } - } else if (issec) { - const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; - + } else { if (unlikely(is_bad_inode(inode))) return -EIO; + } + if (issec && error == -EOPNOTSUPP) { + const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; + error = security_inode_setsecurity(inode, suffix, value, size, flags); if (!error)