Re: [PATCH] Re: Problem with setxattr on sockfs with Smack after 971df15bd54ad46e907046ff33750a137b2f0096
From: Casey Schaufler
Date: Wed Nov 02 2016 - 16:09:10 EST
On 11/2/2016 12:34 PM, Andreas Gruenbacher wrote:
> Casey,
>
> does this patch help?
My tests pass with this patch applied.
>
> (The way how security xattrs are handled by LSM is pretty ugly.
I'm open to suggestions.
> I'm not
> convinced that it doesn't break something else, yet.)
>
> Thanks,
> Andreas
> ---
> fs/xattr.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 3368659..bf09836 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -183,11 +183,13 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
> security_inode_post_setxattr(dentry, name, value,
> size, flags);
> }
> - } else if (issec) {
> - const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> -
> + } else {
> if (unlikely(is_bad_inode(inode)))
> return -EIO;
> + }
> + if (issec && error == -EOPNOTSUPP) {
> + const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> +
> error = security_inode_setsecurity(inode, suffix, value,
> size, flags);
> if (!error)