Since
4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.
In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.
Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.
Change-Id: I06e1977d30afe39f6758ea18245046d413fa46a4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
[jooseong.lee: Backported from mainline]
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
case PIPEFS_MAGIC:
isp->smk_inode = smk_of_current()->smk_known;
break;
+ case SOCKFS_MAGIC:
+ /*
+ * Socket access is controlled by the socket
+ * structures associated with the task involved.
+ */
+ isp->smk_inode = smack_known_star.smk_known;
+ break;
default:
isp->smk_inode = sbsp->smk_root;
break;
*/
switch (sbp->s_magic) {
case SMACK_MAGIC:
- case PIPEFS_MAGIC:
- case SOCKFS_MAGIC:
case CGROUP_SUPER_MAGIC:
/*
* Casey says that it's a little embarrassing
* that the smack file system doesn't do
* extended attributes.
*
- * Casey says pipes are easy (?)
- *
- * Socket access is controlled by the socket
- * structures associated with the task involved.
- *
* Cgroupfs is special
*/
final = smack_known_star.smk_known;
projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / commitdiff