diff options
author | James Morris <jmorris@namei.org> | 2010-01-13 17:33:28 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-01-14 16:23:57 -0500 |
commit | 8d9525048c74786205b99f3fcd05a839721edfb7 (patch) | |
tree | e09c056c9888410aea680deda092ca9b85fc77e2 | |
parent | cd7bec6ad80188394a8ea857ff1aa3512fc2282a (diff) |
security: correct error returns for get/set security with private inodes
Currently, the getsecurity and setsecurity operations return zero for
kernel private inodes, where xattrs are not available directly to
userspace.
This confuses some applications, and does not conform to the
man page for getxattr(2) etc., which state that these syscalls
should return ENOTSUP if xattrs are not supported or disabled.
Note that in the listsecurity case, we still need to return zero
as we don't know which other xattr handlers may be active.
For discussion of userland confusion, see:
http://www.mail-archive.com/bug-coreutils@gnu.org/msg17988.html
This patch corrects the error returns so that ENOTSUP is reported
to userspace as required.
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Serge Hallyn <serue@us.ibm.com>
-rw-r--r-- | security/security.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c index f2d8aa949323..440afe5eb54c 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -630,14 +630,14 @@ int security_inode_killpriv(struct dentry *dentry) | |||
630 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) | 630 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) |
631 | { | 631 | { |
632 | if (unlikely(IS_PRIVATE(inode))) | 632 | if (unlikely(IS_PRIVATE(inode))) |
633 | return 0; | 633 | return -EOPNOTSUPP; |
634 | return security_ops->inode_getsecurity(inode, name, buffer, alloc); | 634 | return security_ops->inode_getsecurity(inode, name, buffer, alloc); |
635 | } | 635 | } |
636 | 636 | ||
637 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) | 637 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) |
638 | { | 638 | { |
639 | if (unlikely(IS_PRIVATE(inode))) | 639 | if (unlikely(IS_PRIVATE(inode))) |
640 | return 0; | 640 | return -EOPNOTSUPP; |
641 | return security_ops->inode_setsecurity(inode, name, value, size, flags); | 641 | return security_ops->inode_setsecurity(inode, name, value, size, flags); |
642 | } | 642 | } |
643 | 643 | ||