Message ID | 20200522113225.29980-1-dmastykin@astralinux.ru (mailing list archive) |
---|---|
State | New, archived |
Series | commoncap: Make cap_inode_killpriv ignore other LSM xattr |
diff --git a/security/commoncap.c b/security/commoncap.c index f4ee0ae106b2..0c12ecf5676f 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -314,7 +314,7 @@ int cap_inode_killpriv(struct dentry *dentry) int error; error = __vfs_removexattr(dentry, XATTR_NAME_CAPS); - if (error == -EOPNOTSUPP) + if (error == -ENODATA || error == -EOPNOTSUPP) error = 0; return error; }
Other LSM may set own capabilities to files. But its inode_killpriv hook may not be called because cap_inode_killpriv breaks the chain returning -ENODATA on remove xattr other than XATTR_NAME_CAPS.

Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
---
 security/commoncap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
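
Review bot: the new condition `error == -ENODATA || error == -EOPNOTSUPP` in cap_inode_killpriv() carries no comment explaining why -ENODATA is now treated as success. The commit message also speaks of removing an xattr "other than XATTR_NAME_CAPS", while the call shown, `__vfs_removexattr(dentry, XATTR_NAME_CAPS)`, removes XATTR_NAME_CAPS itself. Please add a one-line comment above the condition saying that a missing XATTR_NAME_CAPS attribute is not a failure here, so that the remaining inode_killpriv hooks still run, and reword the message to match what the code does. Since the hunk does not show how the return value propagates to the other hooks, the message should also name the caller where the chain currently stops.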