From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A5ADE743D9 for ; Fri, 29 Sep 2023 01:52:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229919AbjI2BwY (ORCPT ); Thu, 28 Sep 2023 21:52:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229653AbjI2BwY (ORCPT ); Thu, 28 Sep 2023 21:52:24 -0400 Received: from smtp-fw-80009.amazon.com (smtp-fw-80009.amazon.com [99.78.197.220]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0191819C for ; Thu, 28 Sep 2023 18:52:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1695952343; x=1727488343; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Tgicgkhh9mpjPT8S88935hCFTgPUNhmMP393CH3xkgo=; b=cH2z+MbjmPcOO7qJEr2ITcQDelDNGrqoNmQcf/X47mgh6tgvQFvrZ2eM EqUt/3y/vIMSulXw/W092Ol4LDFvRtCVSCXOXLbwpUgfy3itp1sAq6sAn xaPUywL7EeqPuHCypVmLolYgHgY80lkBDGuBZA7uZzriIsk2P80zLL8Od 0=; X-IronPort-AV: E=Sophos;i="6.03,185,1694736000"; d="scan'208";a="32269624" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-pdx-2c-m6i4x-f7c754c9.us-west-2.amazon.com) ([10.25.36.210]) by smtp-border-fw-80009.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2023 01:52:22 +0000 Received: from EX19MTAUWC002.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]) by email-inbound-relay-pdx-2c-m6i4x-f7c754c9.us-west-2.amazon.com (Postfix) with ESMTPS id 632A640D6F; Fri, 29 Sep 2023 01:52:22 +0000 (UTC) Received: from EX19D010UWA004.ant.amazon.com (10.13.138.204) by EX19MTAUWC002.ant.amazon.com (10.250.64.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 01:52:22 +0000 Received: from u0acfa43c8cad58.ant.amazon.com (10.119.86.250) by EX19D010UWA004.ant.amazon.com (10.13.138.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 01:52:21 +0000 From: Munehisa Kamata To: CC: , , , Subject: [PATCH for 4.19.y 1/3] Smack:- Use overlay inode label in smack_inode_copy_up() Date: Thu, 28 Sep 2023 18:51:36 -0700 Message-ID: <20230929015138.835462-2-kamatam@amazon.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230929015138.835462-1-kamatam@amazon.com> References: <20230929015033.835263-1-kamatam@amazon.com> <20230929015138.835462-1-kamatam@amazon.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.119.86.250] X-ClientProxiedBy: EX19D042UWB004.ant.amazon.com (10.13.139.150) To EX19D010UWA004.ant.amazon.com (10.13.138.204) Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Vishal Goel commit 387ef964460f14fe1c1ea29aba70e22731ea7cf7 upstream. Currently in "smack_inode_copy_up()" function, process label is changed with the label on parent inode. Due to which, process is assigned directory label and whatever file or directory created by the process are also getting directory label which is wrong label. Changes has been done to use label of overlay inode instead of parent inode. Signed-off-by: Vishal Goel Signed-off-by: Casey Schaufler [4.19: adjusted for the lack of helper functions] Fixes: d6d80cb57be4 ("Smack: Base support for overlayfs") Signed-off-by: Munehisa Kamata --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4f65d953fe31..a09a9c6bbdf6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4612,7 +4612,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) /* * Get label from overlay inode and set it in create_sid */ - isp = d_inode(dentry->d_parent)->i_security; + isp = d_inode(dentry)->i_security; skp = isp->smk_inode; tsp->smk_task = skp; *new = new_creds; -- 2.34.1