ovl: call secutiry hook in ovl_real_ioctl()

author Miklos Szeredi <mszeredi@redhat.com>

Tue, 2 Jun 2020 20:20:26 +0000 (22:20 +0200)

committer Miklos Szeredi <mszeredi@redhat.com>

Wed, 3 Jun 2020 07:45:18 +0000 (09:45 +0200)
author Miklos Szeredi <mszeredi@redhat.com>
Tue, 2 Jun 2020 20:20:26 +0000 (22:20 +0200)
committer Miklos Szeredi <mszeredi@redhat.com>
Wed, 3 Jun 2020 07:45:18 +0000 (09:45 +0200)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c

index 87c362f..1860e22 100644 (file)
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -10,6 +10,7 @@
  #include <linux/uio.h>
  #include <linux/uaccess.h>
  #include <linux/splice.h>
+#include <linux/security.h>
  #include <linux/mm.h>
  #include <linux/fs.h>
  #include "overlayfs.h"
@@ -520,7 +521,9 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
                 return ret;
  
         old_cred = ovl_override_creds(file_inode(file)->i_sb);
-       ret = vfs_ioctl(real.file, cmd, arg);
+       ret = security_file_ioctl(real.file, cmd, arg);
+       if (!ret)
+               ret = vfs_ioctl(real.file, cmd, arg);
         revert_creds(old_cred);
  
         fdput(real);
diff --git a/security/security.c b/security/security.c

index 7fed24b..a674141 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -1459,6 +1459,7 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  {
         return call_int_hook(file_ioctl, 0, file, cmd, arg);
  }
+EXPORT_SYMBOL_GPL(security_file_ioctl);
  
  static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
  {
author	Miklos Szeredi <mszeredi@redhat.com>
	Tue, 2 Jun 2020 20:20:26 +0000 (22:20 +0200)
committer	Miklos Szeredi <mszeredi@redhat.com>
	Wed, 3 Jun 2020 07:45:18 +0000 (09:45 +0200)
fs/overlayfs/file.c		patch \| blob \| history
security/security.c		patch \| blob \| history