authorJames Morris <jmorris@namei.org>2010-01-13 17:33:28 -0500
committerJames Morris <jmorris@namei.org>2010-01-14 16:23:57 -0500
commit8d9525048c74786205b99f3fcd05a839721edfb7 (patch)
treee09c056c9888410aea680deda092ca9b85fc77e2
parentcd7bec6ad80188394a8ea857ff1aa3512fc2282a (diff)
security: correct error returns for get/set security with private inodes
Currently, the getsecurity and setsecurity operations return zero for kernel private inodes, where xattrs are not available directly to userspace. This confuses some applications, and does not conform to the man page for getxattr(2) etc., which state that these syscalls should return ENOTSUP if xattrs are not supported or disabled. Note that in the listsecurity case, we still need to return zero as we don't know which other xattr handlers may be active. For discussion of userland confusion, see: http://www.mail-archive.com/bug-coreutils@gnu.org/msg17988.html This patch corrects the error returns so that ENOTSUP is reported to userspace as required. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Serge Hallyn <serue@us.ibm.com>
-rw-r--r--security/security.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index f2d8aa949323..440afe5eb54c 100644
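--- a/security/security.c
+++ b/security/security.c
@@ -630,14 +630,14 @@ int security_inode_killpriv(struct dentry *dentry)
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
 {
 	if (unlikely(IS_PRIVATE(inode)))
-		return 0;
+		return -EOPNOTSUPP;
 	return security_ops->inode_getsecurity(inode, name, buffer, alloc);
 }
 
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
 	if (unlikely(IS_PRIVATE(inode)))
-		return 0;
+		return -EOPNOTSUPP;
 	return security_ops->inode_setsecurity(inode, name, value, size, flags);
 }
 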
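Review bot: The two `IS_PRIVATE` early returns in `security_inode_getsecurity` and `security_inode_setsecurity` have no comment explaining why they fail with `-EOPNOTSUPP` while, per the commit description, the listsecurity hook deliberately keeps returning zero. A later reader could easily "harmonise" that asymmetry in the wrong direction. I would add above each check something like `/* private inodes expose no xattrs to userspace: report EOPNOTSUPP (ENOTSUP in userspace), not success */`. Because the old `return 0` read as success, in-kernel callers of these two hooks, which are not visible in this hunk, should be checked to confirm they handle a negative return for private inodes. For getsecurity with `alloc` set, the old path also reported success without ever writing `*buffer`, and the new error return removes that ambiguity for callers that check the result.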