Commit fb24560f authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'lsm-pr-20240830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm 

Pull lsm fix from Paul Moore:
 "One small patch to correct a NFS permissions problem with SELinux and
  Smack"

* tag 'lsm-pr-20240830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  selinux,smack: don't bypass permissions check in inode_setsecctx hook
parents fb1a8045 76a0e79b

security/selinux/hooks.c

+2 −2
Original line number Diff line number Diff line
@@ -6660,8 +6660,8 @@ static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen 
 */

static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)

{

	return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SELINUX,

				     ctx, ctxlen, 0);

	return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SELINUX,

				     ctx, ctxlen, 0, NULL);

}



static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)

security/smack/smack_lsm.c

+2 −2
Original line number Diff line number Diff line
@@ -4880,8 +4880,8 @@ static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 


static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)

{

	return __vfs_setxattr_noperm(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,

				     ctx, ctxlen, 0);

	return __vfs_setxattr_locked(&nop_mnt_idmap, dentry, XATTR_NAME_SMACK,

				     ctx, ctxlen, 0, NULL);

}



static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)