Commit 8d9525048c74786205b99f3fcd05a839721edfb7
1 parent
cd7bec6ad8
Exists in
master
and in
7 other branches
security: correct error returns for get/set security with private inodes
Currently, the getsecurity and setsecurity operations return zero for kernel private inodes, where xattrs are not available directly to userspace. This confuses some applications, and does not conform to the man page for getxattr(2) etc., which state that these syscalls should return ENOTSUP if xattrs are not supported or disabled. Note that in the listsecurity case, we still need to return zero as we don't know which other xattr handlers may be active. For discussion of userland confusion, see: http://www.mail-archive.com/bug-coreutils@gnu.org/msg17988.html This patch corrects the error returns so that ENOTSUP is reported to userspace as required. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Serge Hallyn <serue@us.ibm.com>
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
security/security.c
| ... | ... | @@ -630,14 +630,14 @@ |
| 630 | 630 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) |
| 631 | 631 | { |
| 632 | 632 | if (unlikely(IS_PRIVATE(inode))) |
| 633 | - return 0; | |
| 633 | + return -EOPNOTSUPP; | |
| 634 | 634 | return security_ops->inode_getsecurity(inode, name, buffer, alloc); |
| 635 | 635 | } |
| 636 | 636 | |
| 637 | 637 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) |
| 638 | 638 | { |
| 639 | 639 | if (unlikely(IS_PRIVATE(inode))) |
| 640 | - return 0; | |
| 640 | + return -EOPNOTSUPP; | |
| 641 | 641 | return security_ops->inode_setsecurity(inode, name, value, size, flags); |
| 642 | 642 | } |
| 643 | 643 |