From: Munehisa Kamata <kamatam@amazon.com>
To: <stable@vger.kernel.org>
Cc: <casey@schaufler-ca.com>, <vishal.goel@samsung.com>,
<roberto.sassu@huawei.com>, <kamatam@amazon.com>
Subject: [PATCH for 4.19.y 1/3] Smack:- Use overlay inode label in smack_inode_copy_up()
Date: Thu, 28 Sep 2023 18:51:36 -0700 [thread overview]
Message-ID: <20230929015138.835462-2-kamatam@amazon.com> (raw)
In-Reply-To: <20230929015138.835462-1-kamatam@amazon.com>
From: Vishal Goel <vishal.goel@samsung.com>
commit 387ef964460f14fe1c1ea29aba70e22731ea7cf7 upstream.
Currently in "smack_inode_copy_up()" function, process label is
changed with the label on parent inode. Due to which,
process is assigned directory label and whatever file or directory
created by the process are also getting directory label
which is wrong label.
Changes has been done to use label of overlay inode instead
of parent inode.
Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[4.19: adjusted for the lack of helper functions]
Fixes: d6d80cb57be4 ("Smack: Base support for overlayfs")
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
---
security/smack/smack_lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 4f65d953fe31..a09a9c6bbdf6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4612,7 +4612,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new)
/*
* Get label from overlay inode and set it in create_sid
*/
- isp = d_inode(dentry->d_parent)->i_security;
+ isp = d_inode(dentry)->i_security;
skp = isp->smk_inode;
tsp->smk_task = skp;
*new = new_creds;
--
2.34.1
next prev parent reply other threads:[~2023-09-29 1:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-29 1:50 Request to cherry-pick a few Smack fixes Munehisa Kamata
2023-09-29 1:51 ` [PATCH for 4.19.y 0/3] Backport Smack fixes for 4.19.y Munehisa Kamata
2023-09-29 1:51 ` Munehisa Kamata [this message]
2023-09-29 1:51 ` [PATCH for 4.19.y 2/3] smack: Retrieve transmuting information in smack_inode_getsecurity() Munehisa Kamata
2023-09-29 1:51 ` [PATCH for 4.19.y 3/3] smack: Record transmuting in smk_transmuted Munehisa Kamata
2023-10-03 11:26 ` [PATCH for 4.19.y 0/3] Backport Smack fixes for 4.19.y Sasha Levin
2023-10-03 19:02 ` Munehisa Kamata
2023-10-04 10:00 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230929015138.835462-2-kamatam@amazon.com \
--to=kamatam@amazon.com \
--cc=casey@schaufler-ca.com \
--cc=roberto.sassu@huawei.com \
--cc=stable@vger.kernel.org \
--cc=vishal.goel@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox