[PATCH 04/12] fs/namei.c: lookup_open(): move audit_inode_child() up

From: Jori Koolstra

Date: Sun Jun 14 2026 - 12:45:44 EST


In the mknod(2) path of calling vfs_create() we call audit_inode_child()
before permission checks in may_create_dentry() (but after path-based
LSM check). Copy this behaviour to lookup_open() and move
audit_inode_child() to may_o_create().

Signed-off-by: Jori Koolstra <jkoolstra@xxxxxxxxx>
---
fs/namei.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index 6bf1ded26377..a4a8cdbb48e2 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4345,6 +4345,8 @@ static int may_o_create(struct mnt_idmap *idmap,
if (error)
return error;

+ audit_inode_child(dir->dentry->d_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
+
if (!fsuidgid_has_mapping(dir->dentry->d_sb, idmap))
return -EOVERFLOW;

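Review bot: the new audit_inode_child() call in may_o_create() sits ahead of the fsuidgid_has_mapping() check, so an open that fails there with -EOVERFLOW now emits an AUDIT_TYPE_CHILD_CREATE record even though nothing is created. The commit message says this copies the mknod(2) ordering, but it should state explicitly that records for failed creates are intended, because audit consumers will start seeing events for attempts that never produced a file. As a style point, consider the d_inode(dir->dentry) helper instead of open-coding dir->dentry->d_inode.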
@@ -4532,7 +4534,6 @@ static struct dentry *lookup_open(struct nameidata *nd, struct file *file,
goto out_dput;

file->f_mode |= FMODE_CREATED;
- audit_inode_child(dir_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
if (!dir_inode->i_op->create) {
error = -EACCES;
goto out_dput;
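Review bot: with the audit_inode_child() call removed after file->f_mode |= FMODE_CREATED, the create record in lookup_open() now depends entirely on may_o_create() having run for this dentry. Please confirm in the commit message that every path reaching this point has gone through may_o_create(), otherwise a create here goes unaudited. It would also help to say that dir_inode here and dir->dentry->d_inode in may_o_create() are the same inode, since the two call sites name the parent differently and the record's parent must not change.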
--
2.54.0