summaryrefslogtreecommitdiff
path: root/security/smack/smack_lsm.c
diff options
context:
space:
mode:
authorŁukasz Stelmach <l.stelmach@samsung.com>2014-12-16 16:53:08 +0100
committerCasey Schaufler <casey@schaufler-ca.com>2015-01-19 09:58:02 -0800
commit1d8c2326a4a2a4d942f9165b5702fe6f869ccf48 (patch)
tree73feff9476c237bb3bb5df51f7529217fa2768ab /security/smack/smack_lsm.c
parent68390ccf8b0a3470032f053d50379cfd49fbe952 (diff)
downloadlwn-1d8c2326a4a2a4d942f9165b5702fe6f869ccf48.tar.gz
lwn-1d8c2326a4a2a4d942f9165b5702fe6f869ccf48.zip
smack: introduce a special case for tmpfs in smack_d_instantiate()
Files created with __shmem_file_stup() appear to have somewhat fake dentries which make them look like root directories and not get the label the current process or ("*") star meant for tmpfs files. Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r--security/smack/smack_lsm.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 048d92e81a34..2160e88a2e4e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3036,7 +3036,8 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
* of the superblock.
*/
if (opt_dentry->d_parent == opt_dentry) {
- if (sbp->s_magic == CGROUP_SUPER_MAGIC) {
+ switch (sbp->s_magic) {
+ case CGROUP_SUPER_MAGIC:
/*
* The cgroup filesystem is never mounted,
* so there's no opportunity to set the mount
@@ -3044,8 +3045,19 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
*/
sbsp->smk_root = &smack_known_star;
sbsp->smk_default = &smack_known_star;
+ isp->smk_inode = sbsp->smk_root;
+ break;
+ case TMPFS_MAGIC:
+ /*
+ * What about shmem/tmpfs anonymous files with dentry
+ * obtained from d_alloc_pseudo()?
+ */
+ isp->smk_inode = smk_of_current();
+ break;
+ default:
+ isp->smk_inode = sbsp->smk_root;
+ break;
}
- isp->smk_inode = sbsp->smk_root;
isp->smk_flags |= SMK_INODE_INSTANT;
goto unlockandout;
}